[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-28346":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":95,"related":96,"reserved_at":9,"published_at":106,"modified_at":107,"state":108,"summary":109,"references_raw":118,"kevs":221,"epss":222,"epss_history":225,"metrics":486,"affected":500},"CVE-2022-28346","An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47,48],"GHSA-2gwj-7jmv-h26r","BIT-django-2022-28346","PYSEC-2022-190",[],[51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93],{"_key":52},"SUSE-SU-2022:3338-1",{"_key":54},"SUSE-SU-2022:3339-1",{"_key":56},"UBUNTU-CVE-2022-28346",{"_key":58},"USN-5373-1",{"_key":60},"SUSE-SU-2024:2817-1",{"_key":62},"OPENSUSE-SU-2023:0005-1",{"_key":64},"OPENSUSE-SU-2024:12094-1",{"_key":66},"OPENSUSE-SU-2024:14208-1",{"_key":68},"OPENSUSE-SU-2025:14662-1",{"_key":70},"RHSA-2022:5115",{"_key":72},"RHSA-2022:5602",{"_key":74},"RHSA-2022:5702",{"_key":76},"RHSA-2022:5703",{"_key":78},"RHSA-2022:8872",{"_key":80},"DLA-2982-1",{"_key":82},"DLA-3177-1",{"_key":84},"DSA-5254-1",{"_key":86},"OPENSUSE-SU-2026:10005-1",{"_key":88},"MGASA-2022-0190",{"_key":90},"DEBIAN-CVE-2022-28346",{"_key":92},"RHSA-2022:5498",{"_key":94},"USN-5373-2",[],[97,98,99,100,101,102,103,104,105],{"_key":52},{"_key":54},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":86},{"_key":88},"2022-04-12T00:00:00.000Z","2025-02-13T16:32:33.638Z","Modified",{"cisa_kev":110,"cisa_ransomware":110,"cisa_vendor":9,"epss_severity":111,"epss_score":112,"severity":113,"severity_score":114,"severity_version":115,"severity_source":116,"severity_vector":117,"severity_status":108},false,"low",0.01971,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[119,124,132,138,143,147,151,155,159,163,168,172,176,180,184,188,192,197,201,205,209,213,217],{"url":120,"sources":121,"tags":123},"https://groups.google.com/forum/#%21forum/django-announce",[122,116],"cve.org",[],{"url":125,"sources":126,"tags":128},"https://docs.djangoproject.com/en/4.0/releases/security/",[122,116,127],"osv_pypi",[129,130,131],"Patch","Vendor Advisory","WEB",{"url":133,"sources":134,"tags":135},"http://www.openwall.com/lists/oss-security/2022/04/11/1",[122,116,127],[136,129,137,131],"Mailing List","Third Party Advisory",{"url":139,"sources":140,"tags":141},"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",[122,116,127],[129,130,142],"ARTICLE",{"url":144,"sources":145,"tags":146},"https://lists.debian.org/debian-lts-announce/2022/04/msg00013.html",[122,116,127],[136,137,131],{"url":148,"sources":149,"tags":150},"https://security.netapp.com/advisory/ntap-20220609-0002/",[122,116],[137],{"url":152,"sources":153,"tags":154},"https://www.debian.org/security/2022/dsa-5254",[122,116,127],[130,137,131],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/",[122,116],[130],{"url":160,"sources":161,"tags":162},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/",[122,116],[130],{"url":164,"sources":165,"tags":166},"https://nvd.nist.gov/vuln/detail/CVE-2022-28346",[127],[167],"Advisory",{"url":169,"sources":170,"tags":171},"https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48",[127],[131],{"url":173,"sources":174,"tags":175},"https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d",[127],[131],{"url":177,"sources":178,"tags":179},"https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60",[127],[131],{"url":181,"sources":182,"tags":183},"https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200",[127],[131],{"url":185,"sources":186,"tags":187},"https://docs.djangoproject.com/en/4.0/releases/security",[127],[131],{"url":189,"sources":190,"tags":191},"https://github.com/advisories/GHSA-2gwj-7jmv-h26r",[127],[167],{"url":193,"sources":194,"tags":195},"https://github.com/django/django",[127],[196],"PACKAGE",{"url":198,"sources":199,"tags":200},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-190.yaml",[127],[131],{"url":202,"sources":203,"tags":204},"https://groups.google.com/forum/#!forum/django-announce",[127],[131],{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[127],[131],{"url":210,"sources":211,"tags":212},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[127],[131],{"url":214,"sources":215,"tags":216},"https://security.netapp.com/advisory/ntap-20220609-0002",[127],[131],{"url":218,"sources":219,"tags":220},"https://www.djangoproject.com/weblog/2022/apr/11/security-releases",[127],[131],[],{"date":223,"score":112,"percentile":224},"2026-06-04",0.83862,[226,230,233,236,238,241,243,246,248,251,254,257,260,262,265,269,272,275,279,282,285,288,291,294,297,300,303,306,309,312,315,317,320,322,325,327,330,333,336,339,342,345,348,350,353,356,359,362,365,367,370,373,376,379,382,385,387,390,393,396,399,402,405,409,412,415,418,421,424,427,429,432,435,437,440,442,445,448,450,453,455,458,461,464,467,470,473,476,479,483],{"date":227,"score":228,"percentile":229},"2025-11-04",0.04988,0.8919,{"date":231,"score":228,"percentile":232},"2025-11-05",0.89189,{"date":234,"score":228,"percentile":235},"2025-11-06",0.89182,{"date":237,"score":228,"percentile":229},"2025-11-07",{"date":239,"score":228,"percentile":240},"2025-11-08",0.89193,{"date":242,"score":228,"percentile":229},"2025-11-09",{"date":244,"score":228,"percentile":245},"2025-11-10",0.89186,{"date":247,"score":228,"percentile":232},"2025-11-11",{"date":249,"score":228,"percentile":250},"2025-11-12",0.89197,{"date":252,"score":228,"percentile":253},"2025-11-13",0.89202,{"date":255,"score":228,"percentile":256},"2025-11-14",0.89205,{"date":258,"score":228,"percentile":259},"2025-11-15",0.89201,{"date":261,"score":228,"percentile":253},"2025-11-16",{"date":263,"score":228,"percentile":264},"2025-11-17",0.892,{"date":266,"score":267,"percentile":268},"2025-11-18",0.1248,0.93255,{"date":270,"score":267,"percentile":271},"2025-11-19",0.93259,{"date":273,"score":267,"percentile":274},"2025-11-20",0.93264,{"date":276,"score":277,"percentile":278},"2025-11-21",0.05118,0.89382,{"date":280,"score":277,"percentile":281},"2025-11-22",0.89384,{"date":283,"score":277,"percentile":284},"2025-11-23",0.89381,{"date":286,"score":277,"percentile":287},"2025-11-24",0.89383,{"date":289,"score":277,"percentile":290},"2025-11-25",0.89386,{"date":292,"score":277,"percentile":293},"2025-11-26",0.89385,{"date":295,"score":228,"percentile":296},"2025-11-27",0.8922,{"date":298,"score":228,"percentile":299},"2025-11-28",0.89212,{"date":301,"score":228,"percentile":302},"2025-11-29",0.8928,{"date":304,"score":228,"percentile":305},"2025-11-30",0.89278,{"date":307,"score":228,"percentile":308},"2025-12-01",0.89338,{"date":310,"score":228,"percentile":311},"2025-12-02",0.89341,{"date":313,"score":228,"percentile":314},"2025-12-03",0.89339,{"date":316,"score":228,"percentile":305},"2025-12-04",{"date":318,"score":228,"percentile":319},"2025-12-05",0.89279,{"date":321,"score":228,"percentile":305},"2025-12-06",{"date":323,"score":228,"percentile":324},"2025-12-07",0.89275,{"date":326,"score":228,"percentile":324},"2025-12-08",{"date":328,"score":228,"percentile":329},"2025-12-09",0.89282,{"date":331,"score":228,"percentile":332},"2025-12-10",0.89298,{"date":334,"score":228,"percentile":335},"2025-12-11",0.89302,{"date":337,"score":228,"percentile":338},"2025-12-12",0.89307,{"date":340,"score":228,"percentile":341},"2025-12-13",0.89309,{"date":343,"score":228,"percentile":344},"2025-12-14",0.89311,{"date":346,"score":228,"percentile":347},"2025-12-15",0.89312,{"date":349,"score":228,"percentile":344},"2025-12-16",{"date":351,"score":228,"percentile":352},"2025-12-17",0.89317,{"date":354,"score":228,"percentile":355},"2025-12-18",0.89324,{"date":357,"score":228,"percentile":358},"2025-12-19",0.89325,{"date":360,"score":228,"percentile":361},"2025-12-20",0.89323,{"date":363,"score":228,"percentile":364},"2025-12-21",0.89332,{"date":366,"score":228,"percentile":364},"2025-12-22",{"date":368,"score":228,"percentile":369},"2025-12-23",0.89334,{"date":371,"score":228,"percentile":372},"2025-12-24",0.8934,{"date":374,"score":228,"percentile":375},"2025-12-25",0.89352,{"date":377,"score":228,"percentile":378},"2025-12-26",0.8935,{"date":380,"score":228,"percentile":381},"2025-12-27",0.89393,{"date":383,"score":228,"percentile":384},"2025-12-28",0.89343,{"date":386,"score":228,"percentile":311},"2025-12-29",{"date":388,"score":228,"percentile":389},"2025-12-30",0.89347,{"date":391,"score":228,"percentile":392},"2025-12-31",0.89355,{"date":394,"score":228,"percentile":395},"2026-01-01",0.89424,{"date":397,"score":228,"percentile":398},"2026-01-02",0.89417,{"date":400,"score":228,"percentile":401},"2026-01-03",0.89416,{"date":403,"score":228,"percentile":404},"2026-01-04",0.89354,{"date":406,"score":407,"percentile":408},"2026-01-05",0.04828,0.89174,{"date":410,"score":407,"percentile":411},"2026-01-06",0.8918,{"date":413,"score":407,"percentile":414},"2026-01-07",0.89181,{"date":416,"score":407,"percentile":417},"2026-01-08",0.89187,{"date":419,"score":407,"percentile":420},"2026-01-09",0.89191,{"date":422,"score":407,"percentile":423},"2026-01-10",0.89192,{"date":425,"score":407,"percentile":426},"2026-01-11",0.89184,{"date":428,"score":407,"percentile":235},"2026-01-12",{"date":430,"score":407,"percentile":431},"2026-01-13",0.89179,{"date":433,"score":407,"percentile":434},"2026-01-14",0.89194,{"date":436,"score":407,"percentile":434},"2026-01-15",{"date":438,"score":407,"percentile":439},"2026-01-16",0.89199,{"date":441,"score":407,"percentile":253},"2026-01-17",{"date":443,"score":444,"percentile":311},"2026-01-18",0.04954,{"date":446,"score":444,"percentile":447},"2026-01-19",0.89337,{"date":449,"score":444,"percentile":372},"2026-01-20",{"date":451,"score":444,"percentile":452},"2026-01-21",0.89344,{"date":454,"score":444,"percentile":389},"2026-01-22",{"date":456,"score":444,"percentile":457},"2026-01-23",0.89359,{"date":459,"score":444,"percentile":460},"2026-01-24",0.89367,{"date":462,"score":444,"percentile":463},"2026-01-25",0.89368,{"date":465,"score":407,"percentile":466},"2026-01-26",0.89225,{"date":468,"score":407,"percentile":469},"2026-01-27",0.89224,{"date":471,"score":407,"percentile":472},"2026-01-28",0.89227,{"date":474,"score":407,"percentile":475},"2026-01-29",0.8923,{"date":477,"score":407,"percentile":478},"2026-01-30",0.89231,{"date":480,"score":481,"percentile":482},"2026-01-31",0.02224,0.84131,{"date":484,"score":481,"percentile":485},"2026-02-01",0.842,[487,495],{"source":116,"cvss_v2_0":488,"cvss_v3_0":9,"cvss_v3_1":493,"cvss_v4_0":9},{"baseScore":489,"baseSeverity":9,"vectorString":490,"impactScore":491,"exploitabilityScore":492},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":114,"baseSeverity":494,"vectorString":117,"impactScore":114,"exploitabilityScore":492},"CRITICAL",{"source":127,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":496,"cvss_v4_0":497},{"baseScore":114,"baseSeverity":9,"vectorString":117,"impactScore":114,"exploitabilityScore":492},{"baseScore":498,"baseSeverity":9,"vectorString":499,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[501,512,533],{"ecosystem":9,"name":502,"vendor":503,"product":504,"cpe_part":505,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":506},"debian linux","debian","debian_linux","o",[507,510],{"version":508,"is_range":110,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":511,"is_range":110,"range_type":509,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":513,"vendor":514,"product":515,"cpe_part":516,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":517},"Django","djangoproject","django","a",[518,525,529],{"version":519,"is_range":520,"range_type":509,"version_start":521,"version_start_type":522,"version_end":523,"version_end_type":524,"fixed_in":9},"gte2.2_lt2.2.28",true,"2.2","including","2.2.28","excluding",{"version":526,"is_range":520,"range_type":509,"version_start":527,"version_start_type":522,"version_end":528,"version_end_type":524,"fixed_in":9},"gte3.2_lt3.2.13","3.2","3.2.13",{"version":530,"is_range":520,"range_type":509,"version_start":531,"version_start_type":522,"version_end":532,"version_end_type":524,"fixed_in":9},"gte4.0_lt4.0.4","4.0","4.0.4",{"ecosystem":534,"name":515,"vendor":534,"product":515,"cpe_part":9,"purl_type":535,"purl_namespace":9,"purl_name":515,"source":9,"versions":536},"PyPI","pypi",[537,540,542],{"version":538,"is_range":520,"range_type":539,"version_start":527,"version_start_type":522,"version_end":528,"version_end_type":524,"fixed_in":9},"gte3_2_lt3_2_13","ecosystem",{"version":541,"is_range":520,"range_type":539,"version_start":531,"version_start_type":522,"version_end":532,"version_end_type":524,"fixed_in":9},"gte4_0_lt4_0_4",{"version":543,"is_range":520,"range_type":539,"version_start":521,"version_start_type":522,"version_end":523,"version_end_type":524,"fixed_in":9},"gte2_2_lt2_2_28"]