[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-28347":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":79,"related":80,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":99,"kevs":190,"epss":191,"epss_history":194,"metrics":461,"affected":475},"CVE-2022-28347","A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47,48],"GHSA-w24h-v9qh-8gxj","BIT-django-2022-28347","PYSEC-2022-191",[],[51,53,55,57,59,61,63,65,67,69,71,73,75,77],{"_key":52},"UBUNTU-CVE-2022-28347",{"_key":54},"USN-5373-1",{"_key":56},"OPENSUSE-SU-2023:0005-1",{"_key":58},"OPENSUSE-SU-2024:12094-1",{"_key":60},"OPENSUSE-SU-2024:14208-1",{"_key":62},"OPENSUSE-SU-2025:14662-1",{"_key":64},"RHSA-2022:5602",{"_key":66},"RHSA-2022:5702",{"_key":68},"RHSA-2022:5703",{"_key":70},"DSA-5254-1",{"_key":72},"OPENSUSE-SU-2026:10005-1",{"_key":74},"MGASA-2022-0190",{"_key":76},"DEBIAN-CVE-2022-28347",{"_key":78},"RHSA-2022:5498",[],[81,82,83,84,85,86],{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":72},{"_key":74},"2022-04-12T00:00:00.000Z","2025-02-13T16:32:34.174Z","Modified",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":89},false,"low",0.00748,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[100,105,113,119,124,128,132,136,141,145,149,153,157,161,165,170,174,178,182,186],{"url":101,"sources":102,"tags":104},"https://groups.google.com/forum/#%21forum/django-announce",[103,97],"cve.org",[],{"url":106,"sources":107,"tags":109},"https://docs.djangoproject.com/en/4.0/releases/security/",[103,97,108],"osv_pypi",[110,111,112],"Patch","Vendor Advisory","WEB",{"url":114,"sources":115,"tags":116},"http://www.openwall.com/lists/oss-security/2022/04/11/1",[103,97,108],[117,110,118,112],"Mailing List","Third Party Advisory",{"url":120,"sources":121,"tags":122},"https://www.djangoproject.com/weblog/2022/apr/11/security-releases/",[103,97,108],[110,111,123],"ARTICLE",{"url":125,"sources":126,"tags":127},"https://www.debian.org/security/2022/dsa-5254",[103,97,108],[111,118,112],{"url":129,"sources":130,"tags":131},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/",[103,97],[111],{"url":133,"sources":134,"tags":135},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/",[103,97],[111],{"url":137,"sources":138,"tags":139},"https://nvd.nist.gov/vuln/detail/CVE-2022-28347",[108],[140],"Advisory",{"url":142,"sources":143,"tags":144},"https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402",[108],[112],{"url":146,"sources":147,"tags":148},"https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5",[108],[112],{"url":150,"sources":151,"tags":152},"https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81",[108],[112],{"url":154,"sources":155,"tags":156},"https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d",[108],[112],{"url":158,"sources":159,"tags":160},"https://docs.djangoproject.com/en/4.0/releases/security",[108],[112],{"url":162,"sources":163,"tags":164},"https://github.com/advisories/GHSA-w24h-v9qh-8gxj",[108],[140],{"url":166,"sources":167,"tags":168},"https://github.com/django/django",[108],[169],"PACKAGE",{"url":171,"sources":172,"tags":173},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-191.yaml",[108],[112],{"url":175,"sources":176,"tags":177},"https://groups.google.com/forum/#!forum/django-announce",[108],[112],{"url":179,"sources":180,"tags":181},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[108],[112],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[108],[112],{"url":187,"sources":188,"tags":189},"https://www.djangoproject.com/weblog/2022/apr/11/security-releases",[108],[112],[],{"date":192,"score":93,"percentile":193},"2026-06-04",0.73453,[195,199,202,205,208,211,214,217,220,224,227,230,233,235,238,242,245,248,251,254,257,260,263,265,268,270,272,275,278,281,283,286,288,291,294,297,300,303,306,309,311,314,316,318,321,324,327,330,333,336,339,343,346,349,353,356,359,362,365,368,371,374,376,379,382,385,388,391,394,397,400,403,406,409,412,415,419,422,425,427,430,433,436,439,442,445,448,451,454,457],{"date":196,"score":197,"percentile":198},"2025-11-04",0.01472,0.80287,{"date":200,"score":197,"percentile":201},"2025-11-05",0.80288,{"date":203,"score":197,"percentile":204},"2025-11-06",0.80289,{"date":206,"score":197,"percentile":207},"2025-11-07",0.803,{"date":209,"score":197,"percentile":210},"2025-11-08",0.80307,{"date":212,"score":197,"percentile":213},"2025-11-09",0.80303,{"date":215,"score":197,"percentile":216},"2025-11-10",0.80298,{"date":218,"score":197,"percentile":219},"2025-11-11",0.80302,{"date":221,"score":222,"percentile":223},"2025-11-12",0.01284,0.78966,{"date":225,"score":222,"percentile":226},"2025-11-13",0.78976,{"date":228,"score":222,"percentile":229},"2025-11-14",0.78983,{"date":231,"score":222,"percentile":232},"2025-11-15",0.78981,{"date":234,"score":222,"percentile":229},"2025-11-16",{"date":236,"score":222,"percentile":237},"2025-11-17",0.78977,{"date":239,"score":240,"percentile":241},"2025-11-18",0.03424,0.86261,{"date":243,"score":240,"percentile":244},"2025-11-19",0.86262,{"date":246,"score":240,"percentile":247},"2025-11-20",0.86264,{"date":249,"score":222,"percentile":250},"2025-11-21",0.79,{"date":252,"score":222,"percentile":253},"2025-11-22",0.79001,{"date":255,"score":222,"percentile":256},"2025-11-23",0.7899,{"date":258,"score":222,"percentile":259},"2025-11-24",0.78988,{"date":261,"score":222,"percentile":262},"2025-11-25",0.78993,{"date":264,"score":222,"percentile":262},"2025-11-26",{"date":266,"score":222,"percentile":267},"2025-11-27",0.78996,{"date":269,"score":222,"percentile":259},"2025-11-28",{"date":271,"score":222,"percentile":267},"2025-11-29",{"date":273,"score":222,"percentile":274},"2025-11-30",0.78994,{"date":276,"score":222,"percentile":277},"2025-12-01",0.79086,{"date":279,"score":222,"percentile":280},"2025-12-02",0.79088,{"date":282,"score":222,"percentile":280},"2025-12-03",{"date":284,"score":222,"percentile":285},"2025-12-04",0.78995,{"date":287,"score":222,"percentile":253},"2025-12-05",{"date":289,"score":222,"percentile":290},"2025-12-06",0.79003,{"date":292,"score":222,"percentile":293},"2025-12-07",0.79004,{"date":295,"score":222,"percentile":296},"2025-12-08",0.79008,{"date":298,"score":222,"percentile":299},"2025-12-09",0.79025,{"date":301,"score":222,"percentile":302},"2025-12-10",0.79046,{"date":304,"score":222,"percentile":305},"2025-12-11",0.7906,{"date":307,"score":222,"percentile":308},"2025-12-12",0.7908,{"date":310,"score":222,"percentile":308},"2025-12-13",{"date":312,"score":222,"percentile":313},"2025-12-14",0.79077,{"date":315,"score":222,"percentile":313},"2025-12-15",{"date":317,"score":222,"percentile":280},"2025-12-16",{"date":319,"score":222,"percentile":320},"2025-12-17",0.79094,{"date":322,"score":222,"percentile":323},"2025-12-18",0.79115,{"date":325,"score":222,"percentile":326},"2025-12-19",0.79125,{"date":328,"score":222,"percentile":329},"2025-12-20",0.7912,{"date":331,"score":222,"percentile":332},"2025-12-21",0.79114,{"date":334,"score":222,"percentile":335},"2025-12-22",0.79117,{"date":337,"score":222,"percentile":338},"2025-12-23",0.79116,{"date":340,"score":341,"percentile":342},"2025-12-24",0.00664,0.70579,{"date":344,"score":341,"percentile":345},"2025-12-25",0.70602,{"date":347,"score":341,"percentile":348},"2025-12-26",0.70603,{"date":350,"score":351,"percentile":352},"2025-12-27",0.00758,0.72742,{"date":354,"score":341,"percentile":355},"2025-12-28",0.70573,{"date":357,"score":341,"percentile":358},"2025-12-29",0.70569,{"date":360,"score":341,"percentile":361},"2025-12-30",0.70583,{"date":363,"score":351,"percentile":364},"2025-12-31",0.72734,{"date":366,"score":351,"percentile":367},"2026-01-01",0.72879,{"date":369,"score":351,"percentile":370},"2026-01-02",0.72876,{"date":372,"score":351,"percentile":373},"2026-01-03",0.72875,{"date":375,"score":351,"percentile":352},"2026-01-04",{"date":377,"score":351,"percentile":378},"2026-01-05",0.72731,{"date":380,"score":351,"percentile":381},"2026-01-06",0.72744,{"date":383,"score":351,"percentile":384},"2026-01-07",0.72758,{"date":386,"score":351,"percentile":387},"2026-01-08",0.72771,{"date":389,"score":351,"percentile":390},"2026-01-09",0.72776,{"date":392,"score":351,"percentile":393},"2026-01-10",0.72773,{"date":395,"score":351,"percentile":396},"2026-01-11",0.72765,{"date":398,"score":351,"percentile":399},"2026-01-12",0.72755,{"date":401,"score":351,"percentile":402},"2026-01-13",0.72752,{"date":404,"score":351,"percentile":405},"2026-01-14",0.72778,{"date":407,"score":351,"percentile":408},"2026-01-15",0.72785,{"date":410,"score":351,"percentile":411},"2026-01-16",0.72801,{"date":413,"score":351,"percentile":414},"2026-01-17",0.72796,{"date":416,"score":417,"percentile":418},"2026-01-18",0.00779,0.73143,{"date":420,"score":417,"percentile":421},"2026-01-19",0.73135,{"date":423,"score":417,"percentile":424},"2026-01-20",0.73139,{"date":426,"score":417,"percentile":418},"2026-01-21",{"date":428,"score":417,"percentile":429},"2026-01-22",0.7315,{"date":431,"score":417,"percentile":432},"2026-01-23",0.73178,{"date":434,"score":417,"percentile":435},"2026-01-24",0.73185,{"date":437,"score":417,"percentile":438},"2026-01-25",0.73171,{"date":440,"score":351,"percentile":441},"2026-01-26",0.72802,{"date":443,"score":351,"percentile":444},"2026-01-27",0.72805,{"date":446,"score":351,"percentile":447},"2026-01-28",0.72819,{"date":449,"score":351,"percentile":450},"2026-01-29",0.72822,{"date":452,"score":351,"percentile":453},"2026-01-30",0.72829,{"date":455,"score":351,"percentile":456},"2026-01-31",0.72833,{"date":458,"score":459,"percentile":460},"2026-02-01",0.01027,0.76977,[462,470],{"source":97,"cvss_v2_0":463,"cvss_v3_0":9,"cvss_v3_1":468,"cvss_v4_0":9},{"baseScore":464,"baseSeverity":9,"vectorString":465,"impactScore":466,"exploitabilityScore":467},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":95,"baseSeverity":469,"vectorString":98,"impactScore":95,"exploitabilityScore":467},"CRITICAL",{"source":108,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":471,"cvss_v4_0":472},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":95,"exploitabilityScore":467},{"baseScore":473,"baseSeverity":9,"vectorString":474,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[476,485,506],{"ecosystem":9,"name":477,"vendor":478,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"debian linux","debian","debian_linux","o",[482],{"version":483,"is_range":91,"range_type":484,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":486,"vendor":487,"product":488,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":490},"Django","djangoproject","django","a",[491,498,502],{"version":492,"is_range":493,"range_type":484,"version_start":494,"version_start_type":495,"version_end":496,"version_end_type":497,"fixed_in":9},"gte2.2_lt2.2.28",true,"2.2","including","2.2.28","excluding",{"version":499,"is_range":493,"range_type":484,"version_start":500,"version_start_type":495,"version_end":501,"version_end_type":497,"fixed_in":9},"gte3.2_lt3.2.13","3.2","3.2.13",{"version":503,"is_range":493,"range_type":484,"version_start":504,"version_start_type":495,"version_end":505,"version_end_type":497,"fixed_in":9},"gte4.0_lt4.0.4","4.0","4.0.4",{"ecosystem":507,"name":488,"vendor":507,"product":488,"cpe_part":9,"purl_type":508,"purl_namespace":9,"purl_name":488,"source":9,"versions":509},"PyPI","pypi",[510,513,515],{"version":511,"is_range":493,"range_type":512,"version_start":500,"version_start_type":495,"version_end":501,"version_end_type":497,"fixed_in":9},"gte3_2_lt3_2_13","ecosystem",{"version":514,"is_range":493,"range_type":512,"version_start":504,"version_start_type":495,"version_end":505,"version_end_type":497,"fixed_in":9},"gte4_0_lt4_0_4",{"version":516,"is_range":493,"range_type":512,"version_start":494,"version_start_type":495,"version_end":496,"version_end_type":497,"fixed_in":9},"gte2_2_lt2_2_28"]