[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-45452":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":75,"related":76,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":98,"kevs":179,"epss":180,"epss_history":183,"metrics":448,"affected":463},"CVE-2021-45452","Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43,44],"GHSA-jrh2-hc4r-7jwx","BIT-django-2021-45452","PYSEC-2022-3",[],[47,49,51,53,55,57,59,61,63,65,67,69,71,73],{"_key":48},"SUSE-SU-2022:0103-1",{"_key":50},"SUSE-SU-2022:0102-1",{"_key":52},"SUSE-SU-2022:0286-1",{"_key":54},"UBUNTU-CVE-2021-45452",{"_key":56},"OPENSUSE-SU-2023:0005-1",{"_key":58},"OPENSUSE-SU-2024:11725-1",{"_key":60},"OPENSUSE-SU-2024:14208-1",{"_key":62},"OPENSUSE-SU-2025:14662-1",{"_key":64},"DLA-3191-1",{"_key":66},"OPENSUSE-SU-2026:10005-1",{"_key":68},"MGASA-2022-0011",{"_key":70},"USN-5204-1",{"_key":72},"DEBIAN-CVE-2021-45452",{"_key":74},"RHSA-2022:5498",[],[77,78,79,80,81,82,83,84,85],{"_key":48},{"_key":50},{"_key":52},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":66},{"_key":68},"2022-01-04T23:09:40.000Z","2024-08-04T04:39:21.126Z","Modified",{"cisa_kev":90,"cisa_ransomware":90,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":88},false,"low",0.00238,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[99,105,113,119,124,129,134,138,142,146,150,154,159,163,167,171,175],{"url":100,"sources":101,"tags":103},"https://groups.google.com/forum/#%21forum/django-announce",[102,96],"cve.org",[104],"X Refsource MISC",{"url":106,"sources":107,"tags":109},"https://docs.djangoproject.com/en/4.0/releases/security/",[102,96,108],"osv_pypi",[104,110,111,112],"Patch","Vendor Advisory","WEB",{"url":114,"sources":115,"tags":116},"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/",[102,96,108],[117,110,111,118],"X Refsource CONFIRM","ARTICLE",{"url":120,"sources":121,"tags":122},"https://security.netapp.com/advisory/ntap-20220121-0005/",[102,96],[117,123],"Third Party Advisory",{"url":125,"sources":126,"tags":127},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/",[102,96],[111,128],"X Refsource FEDORA",{"url":130,"sources":131,"tags":132},"https://nvd.nist.gov/vuln/detail/CVE-2021-45452",[108],[133],"Advisory",{"url":135,"sources":136,"tags":137},"https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1",[108],[112],{"url":139,"sources":140,"tags":141},"https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b",[108],[112],{"url":143,"sources":144,"tags":145},"https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6",[108],[112],{"url":147,"sources":148,"tags":149},"https://docs.djangoproject.com/en/4.0/releases/security",[108],[112],{"url":151,"sources":152,"tags":153},"https://github.com/advisories/GHSA-jrh2-hc4r-7jwx",[108],[133],{"url":155,"sources":156,"tags":157},"https://github.com/django/django",[108],[158],"PACKAGE",{"url":160,"sources":161,"tags":162},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-3.yaml",[108],[112],{"url":164,"sources":165,"tags":166},"https://groups.google.com/forum/#!forum/django-announce",[108],[112],{"url":168,"sources":169,"tags":170},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV",[108],[112],{"url":172,"sources":173,"tags":174},"https://security.netapp.com/advisory/ntap-20220121-0005",[108],[112],{"url":176,"sources":177,"tags":178},"https://www.djangoproject.com/weblog/2022/jan/04/security-releases",[108],[112],[],{"date":181,"score":92,"percentile":182},"2026-06-04",0.47049,[184,188,191,194,197,200,203,206,209,211,214,217,220,223,226,230,233,236,239,242,245,248,250,252,255,258,261,264,267,270,273,275,278,281,284,286,289,291,294,297,300,303,306,308,311,314,317,320,323,325,328,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,403,407,410,413,416,419,422,424,427,430,433,436,439,442,445],{"date":185,"score":186,"percentile":187},"2025-11-04",0.00339,0.56054,{"date":189,"score":186,"percentile":190},"2025-11-05",0.56017,{"date":192,"score":186,"percentile":193},"2025-11-06",0.56026,{"date":195,"score":186,"percentile":196},"2025-11-07",0.56047,{"date":198,"score":186,"percentile":199},"2025-11-08",0.56051,{"date":201,"score":186,"percentile":202},"2025-11-09",0.56041,{"date":204,"score":186,"percentile":205},"2025-11-10",0.56014,{"date":207,"score":186,"percentile":208},"2025-11-11",0.56029,{"date":210,"score":186,"percentile":187},"2025-11-12",{"date":212,"score":186,"percentile":213},"2025-11-13",0.56061,{"date":215,"score":186,"percentile":216},"2025-11-14",0.56064,{"date":218,"score":186,"percentile":219},"2025-11-15",0.56055,{"date":221,"score":186,"percentile":222},"2025-11-16",0.56039,{"date":224,"score":186,"percentile":225},"2025-11-17",0.56031,{"date":227,"score":228,"percentile":229},"2025-11-18",0.00286,0.4908,{"date":231,"score":228,"percentile":232},"2025-11-19",0.49095,{"date":234,"score":228,"percentile":235},"2025-11-20",0.49082,{"date":237,"score":186,"percentile":238},"2025-11-21",0.56042,{"date":240,"score":186,"percentile":241},"2025-11-22",0.56037,{"date":243,"score":186,"percentile":244},"2025-11-23",0.56013,{"date":246,"score":186,"percentile":247},"2025-11-24",0.56008,{"date":249,"score":186,"percentile":244},"2025-11-25",{"date":251,"score":186,"percentile":190},"2025-11-26",{"date":253,"score":186,"percentile":254},"2025-11-27",0.56019,{"date":256,"score":186,"percentile":257},"2025-11-28",0.55994,{"date":259,"score":186,"percentile":260},"2025-11-29",0.55981,{"date":262,"score":186,"percentile":263},"2025-11-30",0.55969,{"date":265,"score":186,"percentile":266},"2025-12-01",0.56126,{"date":268,"score":186,"percentile":269},"2025-12-02",0.56139,{"date":271,"score":186,"percentile":272},"2025-12-03",0.56135,{"date":274,"score":186,"percentile":263},"2025-12-04",{"date":276,"score":186,"percentile":277},"2025-12-05",0.55985,{"date":279,"score":186,"percentile":280},"2025-12-06",0.55986,{"date":282,"score":186,"percentile":283},"2025-12-07",0.55982,{"date":285,"score":186,"percentile":280},"2025-12-08",{"date":287,"score":186,"percentile":288},"2025-12-09",0.56005,{"date":290,"score":186,"percentile":216},"2025-12-10",{"date":292,"score":186,"percentile":293},"2025-12-11",0.56086,{"date":295,"score":186,"percentile":296},"2025-12-12",0.56109,{"date":298,"score":186,"percentile":299},"2025-12-13",0.56104,{"date":301,"score":186,"percentile":302},"2025-12-14",0.56103,{"date":304,"score":186,"percentile":305},"2025-12-15",0.5609,{"date":307,"score":186,"percentile":302},"2025-12-16",{"date":309,"score":186,"percentile":310},"2025-12-17",0.56122,{"date":312,"score":186,"percentile":313},"2025-12-18",0.56163,{"date":315,"score":186,"percentile":316},"2025-12-19",0.5617,{"date":318,"score":186,"percentile":319},"2025-12-20",0.56165,{"date":321,"score":186,"percentile":322},"2025-12-21",0.56144,{"date":324,"score":186,"percentile":266},"2025-12-22",{"date":326,"score":186,"percentile":327},"2025-12-23",0.56132,{"date":329,"score":330,"percentile":331},"2025-12-24",0.00293,0.52314,{"date":333,"score":330,"percentile":334},"2025-12-25",0.5236,{"date":336,"score":330,"percentile":337},"2025-12-26",0.52353,{"date":339,"score":330,"percentile":340},"2025-12-27",0.52392,{"date":342,"score":330,"percentile":343},"2025-12-28",0.52328,{"date":345,"score":330,"percentile":346},"2025-12-29",0.52308,{"date":348,"score":330,"percentile":349},"2025-12-30",0.52302,{"date":351,"score":330,"percentile":352},"2025-12-31",0.5232,{"date":354,"score":330,"percentile":355},"2026-01-01",0.52485,{"date":357,"score":330,"percentile":358},"2026-01-02",0.52464,{"date":360,"score":330,"percentile":361},"2026-01-03",0.52461,{"date":363,"score":330,"percentile":364},"2026-01-04",0.52292,{"date":366,"score":330,"percentile":367},"2026-01-05",0.5228,{"date":369,"score":330,"percentile":370},"2026-01-06",0.52286,{"date":372,"score":330,"percentile":373},"2026-01-07",0.52309,{"date":375,"score":330,"percentile":376},"2026-01-08",0.52329,{"date":378,"score":330,"percentile":379},"2026-01-09",0.52315,{"date":381,"score":330,"percentile":382},"2026-01-10",0.52312,{"date":384,"score":330,"percentile":385},"2026-01-11",0.52293,{"date":387,"score":330,"percentile":388},"2026-01-12",0.52251,{"date":390,"score":330,"percentile":391},"2026-01-13",0.52226,{"date":393,"score":330,"percentile":394},"2026-01-14",0.52271,{"date":396,"score":330,"percentile":397},"2026-01-15",0.52273,{"date":399,"score":330,"percentile":400},"2026-01-16",0.52291,{"date":402,"score":330,"percentile":397},"2026-01-17",{"date":404,"score":405,"percentile":406},"2026-01-18",0.00311,0.5378,{"date":408,"score":405,"percentile":409},"2026-01-19",0.53773,{"date":411,"score":405,"percentile":412},"2026-01-20",0.53776,{"date":414,"score":405,"percentile":415},"2026-01-21",0.53781,{"date":417,"score":405,"percentile":418},"2026-01-22",0.53786,{"date":420,"score":405,"percentile":421},"2026-01-23",0.5383,{"date":423,"score":405,"percentile":421},"2026-01-24",{"date":425,"score":405,"percentile":426},"2026-01-25",0.53789,{"date":428,"score":330,"percentile":429},"2026-01-26",0.52237,{"date":431,"score":330,"percentile":432},"2026-01-27",0.52244,{"date":434,"score":330,"percentile":435},"2026-01-28",0.52257,{"date":437,"score":330,"percentile":438},"2026-01-29",0.52255,{"date":440,"score":330,"percentile":441},"2026-01-30",0.52256,{"date":443,"score":330,"percentile":444},"2026-01-31",0.52263,{"date":446,"score":330,"percentile":447},"2026-02-01",0.52401,[449,458],{"source":96,"cvss_v2_0":450,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":451,"baseSeverity":9,"vectorString":452,"impactScore":453,"exploitabilityScore":454},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":94,"baseSeverity":456,"vectorString":97,"impactScore":457,"exploitabilityScore":454},"MEDIUM",2.3,{"source":108,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":459,"cvss_v4_0":460},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":457,"exploitabilityScore":454},{"baseScore":461,"baseSeverity":9,"vectorString":462,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",[464,485,492],{"ecosystem":9,"name":465,"vendor":466,"product":465,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"django","djangoproject","a",[469,477,481],{"version":470,"is_range":471,"range_type":472,"version_start":473,"version_start_type":474,"version_end":475,"version_end_type":476,"fixed_in":9},"gte2.2_lt2.2.26",true,"cpe","2.2","including","2.2.26","excluding",{"version":478,"is_range":471,"range_type":472,"version_start":479,"version_start_type":474,"version_end":480,"version_end_type":476,"fixed_in":9},"gte3.2_lt3.2.11","3.2","3.2.11",{"version":482,"is_range":471,"range_type":472,"version_start":483,"version_start_type":474,"version_end":484,"version_end_type":476,"fixed_in":9},"gte4.0_lt4.0.1","4.0","4.0.1",{"ecosystem":9,"name":486,"vendor":487,"product":486,"cpe_part":488,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":489},"fedora","fedoraproject","o",[490],{"version":491,"is_range":90,"range_type":472,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"ecosystem":493,"name":465,"vendor":493,"product":465,"cpe_part":9,"purl_type":494,"purl_namespace":9,"purl_name":465,"source":9,"versions":495},"PyPI","pypi",[496,499,501],{"version":497,"is_range":471,"range_type":498,"version_start":473,"version_start_type":474,"version_end":475,"version_end_type":476,"fixed_in":9},"gte2_2_lt2_2_26","ecosystem",{"version":500,"is_range":471,"range_type":498,"version_start":479,"version_start_type":474,"version_end":480,"version_end_type":476,"fixed_in":9},"gte3_2_lt3_2_11",{"version":502,"is_range":471,"range_type":498,"version_start":483,"version_start_type":474,"version_end":484,"version_end_type":476,"fixed_in":9},"gte4_0_lt4_0_1"]