[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-34265":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":79,"related":80,"reserved_at":9,"published_at":88,"modified_at":89,"state":90,"summary":91,"references_raw":99,"kevs":193,"epss":194,"epss_history":197,"metrics":392,"affected":406},"CVE-2022-34265","An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47,48],"GHSA-p64x-8rxx-wf6q","BIT-django-2022-34265","PYSEC-2022-213",[],[51,53,55,57,59,61,63,65,67,69,71,73,75,77],{"_key":52},"SUSE-SU-2022:3338-1",{"_key":54},"SUSE-SU-2022:3339-1",{"_key":56},"UBUNTU-CVE-2022-34265",{"_key":58},"USN-5501-1",{"_key":60},"OPENSUSE-SU-2024:12172-1",{"_key":62},"OPENSUSE-SU-2024:14208-1",{"_key":64},"OPENSUSE-SU-2025:14662-1",{"_key":66},"DLA-3164-1",{"_key":68},"DSA-5254-1",{"_key":70},"OPENSUSE-SU-2026:10005-1",{"_key":72},"MGASA-2022-0281",{"_key":74},"DEBIAN-CVE-2022-34265",{"_key":76},"RHSA-2022:5738",{"_key":78},"RHSA-2022:8506",[],[81,82,83,84,85,86,87],{"_key":52},{"_key":54},{"_key":60},{"_key":62},{"_key":64},{"_key":70},{"_key":72},"2022-07-04T00:00:00.000Z","2025-02-13T16:32:45.198Z","Modified",{"cisa_kev":92,"cisa_ransomware":92,"cisa_vendor":9,"epss_severity":93,"epss_score":94,"severity":93,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":90},false,"critical",0.92834,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[100,105,113,118,123,127,131,135,140,144,148,152,156,160,164,169,173,177,181,185,189],{"url":101,"sources":102,"tags":104},"https://groups.google.com/forum/#%21forum/django-announce",[103,97],"cve.org",[],{"url":106,"sources":107,"tags":109},"https://docs.djangoproject.com/en/4.0/releases/security/",[103,97,108],"osv_pypi",[110,111,112],"Patch","Vendor Advisory","WEB",{"url":114,"sources":115,"tags":116},"https://www.djangoproject.com/weblog/2022/jul/04/security-releases/",[103,97,108],[110,111,117],"ARTICLE",{"url":119,"sources":120,"tags":121},"https://security.netapp.com/advisory/ntap-20220818-0006/",[103,97],[122],"Third Party Advisory",{"url":124,"sources":125,"tags":126},"https://www.debian.org/security/2022/dsa-5254",[103,97,108],[111,122,112],{"url":128,"sources":129,"tags":130},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/",[103,97],[111],{"url":132,"sources":133,"tags":134},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/",[103,97],[111],{"url":136,"sources":137,"tags":138},"https://nvd.nist.gov/vuln/detail/CVE-2022-34265",[108],[139],"Advisory",{"url":141,"sources":142,"tags":143},"https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492",[108],[112],{"url":145,"sources":146,"tags":147},"https://github.com/django/django/commit/5e2f4ddf2940704a26a4ac782b851989668d74db",[108],[112],{"url":149,"sources":150,"tags":151},"https://github.com/django/django/commit/877c800f255ccaa7abde1fb944de45d1616f5cc9",[108],[112],{"url":153,"sources":154,"tags":155},"https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e",[108],[112],{"url":157,"sources":158,"tags":159},"https://docs.djangoproject.com/en/4.0/releases/security",[108],[112],{"url":161,"sources":162,"tags":163},"https://github.com/advisories/GHSA-p64x-8rxx-wf6q",[108],[139],{"url":165,"sources":166,"tags":167},"https://github.com/django/django",[108],[168],"PACKAGE",{"url":170,"sources":171,"tags":172},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2022-213.yaml",[108],[112],{"url":174,"sources":175,"tags":176},"https://groups.google.com/forum/#!forum/django-announce",[108],[112],{"url":178,"sources":179,"tags":180},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK",[108],[112],{"url":182,"sources":183,"tags":184},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI",[108],[112],{"url":186,"sources":187,"tags":188},"https://security.netapp.com/advisory/ntap-20220818-0006",[108],[112],{"url":190,"sources":191,"tags":192},"https://www.djangoproject.com/weblog/2022/jul/04/security-releases",[108],[112],[],{"date":195,"score":94,"percentile":196},"2026-06-04",0.99772,[198,202,205,207,210,213,215,217,219,221,223,225,227,229,231,235,238,241,243,245,247,249,251,253,255,257,259,261,264,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,389],{"date":199,"score":200,"percentile":201},"2025-11-04",0.92734,0.99743,{"date":203,"score":200,"percentile":204},"2025-11-05",0.99742,{"date":206,"score":200,"percentile":204},"2025-11-06",{"date":208,"score":200,"percentile":209},"2025-11-07",0.9974,{"date":211,"score":200,"percentile":212},"2025-11-08",0.99741,{"date":214,"score":200,"percentile":212},"2025-11-09",{"date":216,"score":200,"percentile":204},"2025-11-10",{"date":218,"score":200,"percentile":212},"2025-11-11",{"date":220,"score":200,"percentile":212},"2025-11-12",{"date":222,"score":200,"percentile":212},"2025-11-13",{"date":224,"score":200,"percentile":212},"2025-11-14",{"date":226,"score":200,"percentile":204},"2025-11-15",{"date":228,"score":200,"percentile":212},"2025-11-16",{"date":230,"score":200,"percentile":201},"2025-11-17",{"date":232,"score":233,"percentile":234},"2025-11-18",0.51039,0.97742,{"date":236,"score":233,"percentile":237},"2025-11-19",0.97743,{"date":239,"score":233,"percentile":240},"2025-11-20",0.9775,{"date":242,"score":200,"percentile":212},"2025-11-21",{"date":244,"score":200,"percentile":204},"2025-11-22",{"date":246,"score":200,"percentile":212},"2025-11-23",{"date":248,"score":200,"percentile":212},"2025-11-24",{"date":250,"score":200,"percentile":204},"2025-11-25",{"date":252,"score":200,"percentile":204},"2025-11-26",{"date":254,"score":200,"percentile":204},"2025-11-27",{"date":256,"score":200,"percentile":212},"2025-11-28",{"date":258,"score":200,"percentile":204},"2025-11-29",{"date":260,"score":200,"percentile":204},"2025-11-30",{"date":262,"score":200,"percentile":263},"2025-12-01",0.99747,{"date":265,"score":200,"percentile":266},"2025-12-02",0.99748,{"date":268,"score":200,"percentile":266},"2025-12-03",{"date":270,"score":200,"percentile":204},"2025-12-04",{"date":272,"score":200,"percentile":204},"2025-12-05",{"date":274,"score":200,"percentile":204},"2025-12-06",{"date":276,"score":200,"percentile":204},"2025-12-07",{"date":278,"score":200,"percentile":201},"2025-12-08",{"date":280,"score":200,"percentile":201},"2025-12-09",{"date":282,"score":200,"percentile":201},"2025-12-10",{"date":284,"score":200,"percentile":204},"2025-12-11",{"date":286,"score":200,"percentile":204},"2025-12-12",{"date":288,"score":200,"percentile":204},"2025-12-13",{"date":290,"score":200,"percentile":204},"2025-12-14",{"date":292,"score":200,"percentile":204},"2025-12-15",{"date":294,"score":200,"percentile":204},"2025-12-16",{"date":296,"score":200,"percentile":201},"2025-12-17",{"date":298,"score":200,"percentile":212},"2025-12-18",{"date":300,"score":200,"percentile":204},"2025-12-19",{"date":302,"score":200,"percentile":204},"2025-12-20",{"date":304,"score":200,"percentile":204},"2025-12-21",{"date":306,"score":200,"percentile":201},"2025-12-22",{"date":308,"score":200,"percentile":201},"2025-12-23",{"date":310,"score":200,"percentile":204},"2025-12-24",{"date":312,"score":200,"percentile":212},"2025-12-25",{"date":314,"score":200,"percentile":212},"2025-12-26",{"date":316,"score":200,"percentile":212},"2025-12-27",{"date":318,"score":200,"percentile":209},"2025-12-28",{"date":320,"score":200,"percentile":321},"2025-12-29",0.99739,{"date":323,"score":200,"percentile":321},"2025-12-30",{"date":325,"score":200,"percentile":209},"2025-12-31",{"date":327,"score":200,"percentile":266},"2026-01-01",{"date":329,"score":200,"percentile":263},"2026-01-02",{"date":331,"score":200,"percentile":263},"2026-01-03",{"date":333,"score":200,"percentile":321},"2026-01-04",{"date":335,"score":200,"percentile":321},"2026-01-05",{"date":337,"score":200,"percentile":209},"2026-01-06",{"date":339,"score":200,"percentile":209},"2026-01-07",{"date":341,"score":200,"percentile":209},"2026-01-08",{"date":343,"score":200,"percentile":209},"2026-01-09",{"date":345,"score":200,"percentile":209},"2026-01-10",{"date":347,"score":200,"percentile":321},"2026-01-11",{"date":349,"score":200,"percentile":321},"2026-01-12",{"date":351,"score":200,"percentile":321},"2026-01-13",{"date":353,"score":200,"percentile":209},"2026-01-14",{"date":355,"score":200,"percentile":212},"2026-01-15",{"date":357,"score":200,"percentile":212},"2026-01-16",{"date":359,"score":200,"percentile":204},"2026-01-17",{"date":361,"score":200,"percentile":212},"2026-01-18",{"date":363,"score":200,"percentile":212},"2026-01-19",{"date":365,"score":200,"percentile":212},"2026-01-20",{"date":367,"score":200,"percentile":212},"2026-01-21",{"date":369,"score":200,"percentile":212},"2026-01-22",{"date":371,"score":200,"percentile":204},"2026-01-23",{"date":373,"score":200,"percentile":204},"2026-01-24",{"date":375,"score":200,"percentile":204},"2026-01-25",{"date":377,"score":200,"percentile":212},"2026-01-26",{"date":379,"score":200,"percentile":204},"2026-01-27",{"date":381,"score":200,"percentile":204},"2026-01-28",{"date":383,"score":200,"percentile":204},"2026-01-29",{"date":385,"score":200,"percentile":204},"2026-01-30",{"date":387,"score":94,"percentile":388},"2026-01-31",0.99754,{"date":390,"score":94,"percentile":391},"2026-02-01",0.99759,[393,401],{"source":97,"cvss_v2_0":394,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":9},{"baseScore":395,"baseSeverity":9,"vectorString":396,"impactScore":397,"exploitabilityScore":398},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":95,"baseSeverity":400,"vectorString":98,"impactScore":95,"exploitabilityScore":398},"CRITICAL",{"source":108,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":403},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":95,"exploitabilityScore":398},{"baseScore":404,"baseSeverity":9,"vectorString":405,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[407,425],{"ecosystem":9,"name":408,"vendor":409,"product":410,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"Django","djangoproject","django","a",[413,421],{"version":414,"is_range":415,"range_type":416,"version_start":417,"version_start_type":418,"version_end":419,"version_end_type":420,"fixed_in":9},"gte3.2_lt3.2.14",true,"cpe","3.2","including","3.2.14","excluding",{"version":422,"is_range":415,"range_type":416,"version_start":423,"version_start_type":418,"version_end":424,"version_end_type":420,"fixed_in":9},"gte4.0_lt4.0.6","4.0","4.0.6",{"ecosystem":426,"name":410,"vendor":426,"product":410,"cpe_part":9,"purl_type":427,"purl_namespace":9,"purl_name":410,"source":9,"versions":428},"PyPI","pypi",[429,433,436],{"version":430,"is_range":415,"range_type":431,"version_start":432,"version_start_type":418,"version_end":419,"version_end_type":420,"fixed_in":9},"gte3_2a1_lt3_2_14","ecosystem","3.2a1",{"version":434,"is_range":415,"range_type":431,"version_start":435,"version_start_type":418,"version_end":424,"version_end_type":420,"fixed_in":9},"gte4_0a1_lt4_0_6","4.0a1",{"version":437,"is_range":415,"range_type":431,"version_start":423,"version_start_type":418,"version_end":424,"version_end_type":420,"fixed_in":9},"gte4_0_lt4_0_6"]