[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-22818":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":58,"downstream":59,"duplicates":98,"related":99,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":119,"kevs":201,"epss":202,"epss_history":205,"metrics":469,"affected":485},"CVE-2022-22818","The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_97728337CA11E361","Exploit Reference (djangoproject.com)","reference","https://www.djangoproject.com/weblog/2022/feb/01/security-releases/","unknown",0.2,false,[],[55,56,57],"GHSA-95rw-fx8r-36v6","BIT-django-2022-22818","PYSEC-2022-19",[],[60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":61},"RHSA-2022:8853",{"_key":63},"SUSE-SU-2022:0285-1",{"_key":65},"SUSE-SU-2022:0286-1",{"_key":67},"UBUNTU-CVE-2022-22818",{"_key":69},"USN-5269-1",{"_key":71},"OPENSUSE-SU-2023:0005-1",{"_key":73},"OPENSUSE-SU-2024:11804-1",{"_key":75},"OPENSUSE-SU-2024:14208-1",{"_key":77},"OPENSUSE-SU-2025:14662-1",{"_key":79},"RHSA-2022:8872",{"_key":81},"DLA-2906-1",{"_key":83},"DLA-3191-1",{"_key":85},"DSA-5254-1",{"_key":87},"OPENSUSE-SU-2026:10005-1",{"_key":89},"MGASA-2022-0104",{"_key":91},"DEBIAN-CVE-2022-22818",{"_key":93},"RHSA-2022:5498",{"_key":95},"USN-5269-2",{"_key":97},"RHSA-2022:8506",[],[100,101,102,103,104,105,106,107],{"_key":63},{"_key":65},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":87},{"_key":89},"2022-02-03T00:00:00.000Z","2024-08-03T03:21:49.173Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":112,"epss_score":113,"severity":114,"severity_score":115,"severity_version":116,"severity_source":117,"severity_vector":118,"severity_status":110},"low",0.00554,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[120,125,133,138,143,147,151,156,160,164,168,172,176,181,185,189,193,197],{"url":121,"sources":122,"tags":124},"https://groups.google.com/forum/#%21forum/django-announce",[123,117],"cve.org",[],{"url":126,"sources":127,"tags":129},"https://docs.djangoproject.com/en/4.0/releases/security/",[123,117,128],"osv_pypi",[130,131,132],"Patch","Third Party Advisory","WEB",{"url":49,"sources":134,"tags":135},[123,117,128],[136,130,131,137],"Exploit","ARTICLE",{"url":139,"sources":140,"tags":141},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/",[123,117],[142],"Vendor Advisory",{"url":144,"sources":145,"tags":146},"https://security.netapp.com/advisory/ntap-20220221-0003/",[123,117],[131],{"url":148,"sources":149,"tags":150},"https://www.debian.org/security/2022/dsa-5254",[123,117,128],[142,131,132],{"url":152,"sources":153,"tags":154},"https://nvd.nist.gov/vuln/detail/CVE-2022-22818",[128],[155],"Advisory",{"url":157,"sources":158,"tags":159},"https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5",[128],[132],{"url":161,"sources":162,"tags":163},"https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2",[128],[132],{"url":165,"sources":166,"tags":167},"https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6",[128],[132],{"url":169,"sources":170,"tags":171},"https://docs.djangoproject.com/en/4.0/releases/security",[128],[132],{"url":173,"sources":174,"tags":175},"https://github.com/advisories/GHSA-95rw-fx8r-36v6",[128],[155],{"url":177,"sources":178,"tags":179},"https://github.com/django/django",[128],[180],"PACKAGE",{"url":182,"sources":183,"tags":184},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-19.yaml",[128],[132],{"url":186,"sources":187,"tags":188},"https://groups.google.com/forum/#!forum/django-announce",[128],[132],{"url":190,"sources":191,"tags":192},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV",[128],[132],{"url":194,"sources":195,"tags":196},"https://security.netapp.com/advisory/ntap-20220221-0003",[128],[132],{"url":198,"sources":199,"tags":200},"https://www.djangoproject.com/weblog/2022/feb/01/security-releases",[128],[132],[],{"date":203,"score":113,"percentile":204},"2026-06-04",0.68433,[206,210,213,216,219,222,225,228,231,235,238,241,244,247,250,254,257,260,263,266,269,272,275,278,280,282,285,288,291,294,297,300,302,305,308,310,313,316,319,322,324,327,329,332,335,338,341,344,346,349,352,355,358,361,365,368,371,374,377,380,383,386,389,392,395,398,401,404,406,409,412,414,417,420,422,424,428,431,434,437,440,443,446,449,452,454,457,460,463,466],{"date":207,"score":208,"percentile":209},"2025-11-04",0.01106,0.77396,{"date":211,"score":208,"percentile":212},"2025-11-05",0.77399,{"date":214,"score":208,"percentile":215},"2025-11-06",0.77398,{"date":217,"score":208,"percentile":218},"2025-11-07",0.77412,{"date":220,"score":208,"percentile":221},"2025-11-08",0.77418,{"date":223,"score":208,"percentile":224},"2025-11-09",0.77414,{"date":226,"score":208,"percentile":227},"2025-11-10",0.77402,{"date":229,"score":208,"percentile":230},"2025-11-11",0.77404,{"date":232,"score":233,"percentile":234},"2025-11-12",0.01201,0.78273,{"date":236,"score":233,"percentile":237},"2025-11-13",0.78281,{"date":239,"score":233,"percentile":240},"2025-11-14",0.7829,{"date":242,"score":233,"percentile":243},"2025-11-15",0.78288,{"date":245,"score":233,"percentile":246},"2025-11-16",0.78291,{"date":248,"score":233,"percentile":249},"2025-11-17",0.78285,{"date":251,"score":252,"percentile":253},"2025-11-18",0.04347,0.87825,{"date":255,"score":252,"percentile":256},"2025-11-19",0.87829,{"date":258,"score":252,"percentile":259},"2025-11-20",0.87834,{"date":261,"score":233,"percentile":262},"2025-11-21",0.78313,{"date":264,"score":233,"percentile":265},"2025-11-22",0.78314,{"date":267,"score":233,"percentile":268},"2025-11-23",0.78302,{"date":270,"score":233,"percentile":271},"2025-11-24",0.783,{"date":273,"score":233,"percentile":274},"2025-11-25",0.78306,{"date":276,"score":233,"percentile":277},"2025-11-26",0.7831,{"date":279,"score":233,"percentile":265},"2025-11-27",{"date":281,"score":233,"percentile":274},"2025-11-28",{"date":283,"score":233,"percentile":284},"2025-11-29",0.78312,{"date":286,"score":233,"percentile":287},"2025-11-30",0.78309,{"date":289,"score":233,"percentile":290},"2025-12-01",0.78404,{"date":292,"score":233,"percentile":293},"2025-12-02",0.78412,{"date":295,"score":233,"percentile":296},"2025-12-03",0.78409,{"date":298,"score":233,"percentile":299},"2025-12-04",0.78307,{"date":301,"score":233,"percentile":265},"2025-12-05",{"date":303,"score":233,"percentile":304},"2025-12-06",0.78316,{"date":306,"score":233,"percentile":307},"2025-12-07",0.78311,{"date":309,"score":233,"percentile":304},"2025-12-08",{"date":311,"score":233,"percentile":312},"2025-12-09",0.78333,{"date":314,"score":233,"percentile":315},"2025-12-10",0.78356,{"date":317,"score":233,"percentile":318},"2025-12-11",0.78371,{"date":320,"score":233,"percentile":321},"2025-12-12",0.78389,{"date":323,"score":233,"percentile":321},"2025-12-13",{"date":325,"score":233,"percentile":326},"2025-12-14",0.78388,{"date":328,"score":233,"percentile":326},"2025-12-15",{"date":330,"score":233,"percentile":331},"2025-12-16",0.78399,{"date":333,"score":233,"percentile":334},"2025-12-17",0.78408,{"date":336,"score":233,"percentile":337},"2025-12-18",0.78424,{"date":339,"score":233,"percentile":340},"2025-12-19",0.78435,{"date":342,"score":233,"percentile":343},"2025-12-20",0.78431,{"date":345,"score":233,"percentile":337},"2025-12-21",{"date":347,"score":233,"percentile":348},"2025-12-22",0.78428,{"date":350,"score":233,"percentile":351},"2025-12-23",0.78429,{"date":353,"score":233,"percentile":354},"2025-12-24",0.78441,{"date":356,"score":233,"percentile":357},"2025-12-25",0.78462,{"date":359,"score":233,"percentile":360},"2025-12-26",0.78461,{"date":362,"score":363,"percentile":364},"2025-12-27",0.01011,0.76642,{"date":366,"score":233,"percentile":367},"2025-12-28",0.7845,{"date":369,"score":233,"percentile":370},"2025-12-29",0.78446,{"date":372,"score":233,"percentile":373},"2025-12-30",0.78452,{"date":375,"score":363,"percentile":376},"2025-12-31",0.76588,{"date":378,"score":363,"percentile":379},"2026-01-01",0.76719,{"date":381,"score":363,"percentile":382},"2026-01-02",0.76722,{"date":384,"score":363,"percentile":385},"2026-01-03",0.76721,{"date":387,"score":363,"percentile":388},"2026-01-04",0.76596,{"date":390,"score":363,"percentile":391},"2026-01-05",0.76587,{"date":393,"score":363,"percentile":394},"2026-01-06",0.76597,{"date":396,"score":363,"percentile":397},"2026-01-07",0.76607,{"date":399,"score":363,"percentile":400},"2026-01-08",0.76616,{"date":402,"score":363,"percentile":403},"2026-01-09",0.76625,{"date":405,"score":363,"percentile":403},"2026-01-10",{"date":407,"score":363,"percentile":408},"2026-01-11",0.76619,{"date":410,"score":363,"percentile":411},"2026-01-12",0.76604,{"date":413,"score":363,"percentile":411},"2026-01-13",{"date":415,"score":363,"percentile":416},"2026-01-14",0.76627,{"date":418,"score":363,"percentile":419},"2026-01-15",0.76633,{"date":421,"score":363,"percentile":364},"2026-01-16",{"date":423,"score":363,"percentile":364},"2026-01-17",{"date":425,"score":426,"percentile":427},"2026-01-18",0.01039,0.76966,{"date":429,"score":426,"percentile":430},"2026-01-19",0.76961,{"date":432,"score":426,"percentile":433},"2026-01-20",0.76958,{"date":435,"score":426,"percentile":436},"2026-01-21",0.76965,{"date":438,"score":426,"percentile":439},"2026-01-22",0.76971,{"date":441,"score":426,"percentile":442},"2026-01-23",0.77002,{"date":444,"score":426,"percentile":445},"2026-01-24",0.77011,{"date":447,"score":426,"percentile":448},"2026-01-25",0.77,{"date":450,"score":363,"percentile":451},"2026-01-26",0.76672,{"date":453,"score":363,"percentile":451},"2026-01-27",{"date":455,"score":363,"percentile":456},"2026-01-28",0.76682,{"date":458,"score":363,"percentile":459},"2026-01-29",0.76675,{"date":461,"score":363,"percentile":462},"2026-01-30",0.7668,{"date":464,"score":363,"percentile":465},"2026-01-31",0.76676,{"date":467,"score":363,"percentile":468},"2026-02-01",0.76795,[470,480],{"source":117,"cvss_v2_0":471,"cvss_v3_0":9,"cvss_v3_1":476,"cvss_v4_0":9},{"baseScore":472,"baseSeverity":9,"vectorString":473,"impactScore":474,"exploitabilityScore":475},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":115,"baseSeverity":477,"vectorString":118,"impactScore":478,"exploitabilityScore":479},"MEDIUM",4.5,7.2,{"source":128,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":481,"cvss_v4_0":482},{"baseScore":115,"baseSeverity":9,"vectorString":118,"impactScore":478,"exploitabilityScore":479},{"baseScore":483,"baseSeverity":9,"vectorString":484,"impactScore":9,"exploitabilityScore":9},5.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[486,495,516,522],{"ecosystem":9,"name":487,"vendor":488,"product":489,"cpe_part":490,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":491},"debian linux","debian","debian_linux","o",[492],{"version":493,"is_range":52,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":496,"vendor":497,"product":498,"cpe_part":499,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"Django","djangoproject","django","a",[501,508,512],{"version":502,"is_range":503,"range_type":494,"version_start":504,"version_start_type":505,"version_end":506,"version_end_type":507,"fixed_in":9},"gte2.2_lt2.2.27",true,"2.2","including","2.2.27","excluding",{"version":509,"is_range":503,"range_type":494,"version_start":510,"version_start_type":505,"version_end":511,"version_end_type":507,"fixed_in":9},"gte3.2_lt3.2.12","3.2","3.2.12",{"version":513,"is_range":503,"range_type":494,"version_start":514,"version_start_type":505,"version_end":515,"version_end_type":507,"fixed_in":9},"gte4.0_lt4.0.2","4.0","4.0.2",{"ecosystem":9,"name":517,"vendor":518,"product":517,"cpe_part":490,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":519},"fedora","fedoraproject",[520],{"version":521,"is_range":52,"range_type":494,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"ecosystem":523,"name":498,"vendor":523,"product":498,"cpe_part":9,"purl_type":524,"purl_namespace":9,"purl_name":498,"source":9,"versions":525},"PyPI","pypi",[526,529,531],{"version":527,"is_range":503,"range_type":528,"version_start":504,"version_start_type":505,"version_end":506,"version_end_type":507,"fixed_in":9},"gte2_2_lt2_2_27","ecosystem",{"version":530,"is_range":503,"range_type":528,"version_start":510,"version_start_type":505,"version_end":511,"version_end_type":507,"fixed_in":9},"gte3_2_lt3_2_12",{"version":532,"is_range":503,"range_type":528,"version_start":514,"version_start_type":505,"version_end":515,"version_end_type":507,"fixed_in":9},"gte4_0_lt4_0_2"]