[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-42005":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":81,"related":82,"reserved_at":9,"published_at":90,"modified_at":91,"state":92,"summary":93,"references_raw":102,"kevs":160,"epss":161,"epss_history":164,"metrics":440,"affected":459},"CVE-2024-42005","An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-109","Object Relational Mapping Injection",[],{"id":29,"name":30,"techniques":31},"CAPEC-110","SQL Injection through SOAP Parameter Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-470","Expanding Control over the Operating System from the Database",[],{"id":37,"name":38,"techniques":39},"CAPEC-66","SQL Injection",[],{"id":41,"name":42,"techniques":43},"CAPEC-7","Blind SQL Injection",[],[],[46,47,48],"GHSA-pv4p-cwwg-4rph","BIT-django-2024-42005","PYSEC-2024-70",[],[51,53,55,57,59,61,63,65,67,69,71,73,75,77,79],{"_key":52},"DLA-4458-1",{"_key":54},"OPENSUSE-SU-2024:14248-1",{"_key":56},"UBUNTU-CVE-2024-42005",{"_key":58},"SUSE-SU-2024:2816-1",{"_key":60},"SUSE-SU-2024:2817-1",{"_key":62},"OPENSUSE-SU-2024:0272-1",{"_key":64},"OPENSUSE-SU-2024:14247-1",{"_key":66},"DSA-6136-1",{"_key":68},"OPENSUSE-SU-2026:10005-1",{"_key":70},"MGASA-2025-0039",{"_key":72},"USN-6946-1",{"_key":74},"DEBIAN-CVE-2024-42005",{"_key":76},"RHSA-2024:6428",{"_key":78},"RHSA-2024:8906",{"_key":80},"RHSA-2025:1335",[],[83,84,85,86,87,88,89],{"_key":54},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":68},{"_key":70},"2024-08-07T00:00:00.000Z","2025-11-04T16:13:43.599Z","Modified",{"cisa_kev":94,"cisa_ransomware":94,"cisa_vendor":9,"epss_severity":95,"epss_score":96,"severity":97,"severity_score":98,"severity_version":99,"severity_source":100,"severity_vector":101,"severity_status":92},false,"low",0.00328,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[103,112,117,122,126,131,135,139,143,148,152,156],{"url":104,"sources":105,"tags":108},"https://docs.djangoproject.com/en/dev/releases/security/",[100,106,107],"nvd","osv_pypi",[109,110,111],"Patch","Vendor Advisory","WEB",{"url":113,"sources":114,"tags":115},"https://groups.google.com/forum/#%21forum/django-announce",[100,106,107],[116,111],"Not Applicable",{"url":118,"sources":119,"tags":120},"https://www.djangoproject.com/weblog/2024/aug/06/security-releases/",[100,106,107],[110,121],"ARTICLE",{"url":123,"sources":124,"tags":125},"https://security.netapp.com/advisory/ntap-20240905-0007/",[100,106],[],{"url":127,"sources":128,"tags":129},"https://nvd.nist.gov/vuln/detail/CVE-2024-42005",[107],[130],"Advisory",{"url":132,"sources":133,"tags":134},"https://github.com/django/django/commit/32ebcbf2e1fe3e5ba79a6554a167efce81f7422d",[107],[111],{"url":136,"sources":137,"tags":138},"https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28",[107],[111],{"url":140,"sources":141,"tags":142},"https://docs.djangoproject.com/en/dev/releases/security",[107],[111],{"url":144,"sources":145,"tags":146},"https://github.com/django/django",[107],[147],"PACKAGE",{"url":149,"sources":150,"tags":151},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-70.yaml",[107],[111],{"url":153,"sources":154,"tags":155},"https://security.netapp.com/advisory/ntap-20240905-0007",[107],[111],{"url":157,"sources":158,"tags":159},"https://www.djangoproject.com/weblog/2024/aug/06/security-releases",[107],[111],[],{"date":162,"score":96,"percentile":163},"2026-06-04",0.56077,[165,169,172,176,179,182,185,188,191,195,198,201,204,207,210,214,217,220,224,227,230,233,236,239,242,245,248,251,255,258,261,265,268,271,274,277,280,283,286,289,292,296,299,302,305,308,311,314,317,320,322,325,328,331,334,337,340,343,346,350,353,356,359,362,365,368,371,373,375,377,380,383,386,389,392,395,399,402,405,408,410,413,416,419,422,425,428,431,434,437],{"date":166,"score":167,"percentile":168},"2025-11-04",0.00107,0.29638,{"date":170,"score":167,"percentile":171},"2025-11-05",0.29608,{"date":173,"score":174,"percentile":175},"2025-11-06",0.00119,0.31575,{"date":177,"score":174,"percentile":178},"2025-11-07",0.31595,{"date":180,"score":174,"percentile":181},"2025-11-08",0.31597,{"date":183,"score":174,"percentile":184},"2025-11-09",0.31574,{"date":186,"score":174,"percentile":187},"2025-11-10",0.31526,{"date":189,"score":174,"percentile":190},"2025-11-11",0.31543,{"date":192,"score":193,"percentile":194},"2025-11-12",0.0013,0.3323,{"date":196,"score":193,"percentile":197},"2025-11-13",0.33244,{"date":199,"score":193,"percentile":200},"2025-11-14",0.3325,{"date":202,"score":193,"percentile":203},"2025-11-15",0.33248,{"date":205,"score":193,"percentile":206},"2025-11-16",0.33218,{"date":208,"score":193,"percentile":209},"2025-11-17",0.33191,{"date":211,"score":212,"percentile":213},"2025-11-18",0.01699,0.80784,{"date":215,"score":212,"percentile":216},"2025-11-19",0.80785,{"date":218,"score":212,"percentile":219},"2025-11-20",0.80789,{"date":221,"score":222,"percentile":223},"2025-11-21",0.00133,0.33716,{"date":225,"score":222,"percentile":226},"2025-11-22",0.33721,{"date":228,"score":222,"percentile":229},"2025-11-23",0.33687,{"date":231,"score":222,"percentile":232},"2025-11-24",0.33662,{"date":234,"score":222,"percentile":235},"2025-11-25",0.33658,{"date":237,"score":222,"percentile":238},"2025-11-26",0.33654,{"date":240,"score":193,"percentile":241},"2025-11-27",0.33178,{"date":243,"score":193,"percentile":244},"2025-11-28",0.3316,{"date":246,"score":193,"percentile":247},"2025-11-29",0.33141,{"date":249,"score":193,"percentile":250},"2025-11-30",0.33118,{"date":252,"score":253,"percentile":254},"2025-12-01",0.001,0.28353,{"date":256,"score":253,"percentile":257},"2025-12-02",0.28375,{"date":259,"score":253,"percentile":260},"2025-12-03",0.28383,{"date":262,"score":263,"percentile":264},"2025-12-04",0.00171,0.38661,{"date":266,"score":263,"percentile":267},"2025-12-05",0.38693,{"date":269,"score":263,"percentile":270},"2025-12-06",0.38694,{"date":272,"score":263,"percentile":273},"2025-12-07",0.38669,{"date":275,"score":263,"percentile":276},"2025-12-08",0.38685,{"date":278,"score":263,"percentile":279},"2025-12-09",0.38726,{"date":281,"score":263,"percentile":282},"2025-12-10",0.38785,{"date":284,"score":263,"percentile":285},"2025-12-11",0.38815,{"date":287,"score":263,"percentile":288},"2025-12-12",0.38853,{"date":290,"score":263,"percentile":291},"2025-12-13",0.3883,{"date":293,"score":294,"percentile":295},"2025-12-14",0.00154,0.36686,{"date":297,"score":294,"percentile":298},"2025-12-15",0.36651,{"date":300,"score":294,"percentile":301},"2025-12-16",0.36679,{"date":303,"score":294,"percentile":304},"2025-12-17",0.36725,{"date":306,"score":294,"percentile":307},"2025-12-18",0.36768,{"date":309,"score":294,"percentile":310},"2025-12-19",0.36786,{"date":312,"score":294,"percentile":313},"2025-12-20",0.36764,{"date":315,"score":294,"percentile":316},"2025-12-21",0.36711,{"date":318,"score":294,"percentile":319},"2025-12-22",0.36687,{"date":321,"score":294,"percentile":319},"2025-12-23",{"date":323,"score":294,"percentile":324},"2025-12-24",0.36695,{"date":326,"score":294,"percentile":327},"2025-12-25",0.36755,{"date":329,"score":294,"percentile":330},"2025-12-26",0.36733,{"date":332,"score":96,"percentile":333},"2025-12-27",0.5537,{"date":335,"score":96,"percentile":336},"2025-12-28",0.55291,{"date":338,"score":96,"percentile":339},"2025-12-29",0.55275,{"date":341,"score":96,"percentile":342},"2025-12-30",0.55268,{"date":344,"score":96,"percentile":345},"2025-12-31",0.55282,{"date":347,"score":348,"percentile":349},"2026-01-01",0.00193,0.41549,{"date":351,"score":348,"percentile":352},"2026-01-02",0.41524,{"date":354,"score":348,"percentile":355},"2026-01-03",0.41514,{"date":357,"score":96,"percentile":358},"2026-01-04",0.55252,{"date":360,"score":96,"percentile":361},"2026-01-05",0.55241,{"date":363,"score":96,"percentile":364},"2026-01-06",0.55249,{"date":366,"score":96,"percentile":367},"2026-01-07",0.55273,{"date":369,"score":96,"percentile":370},"2026-01-08",0.55295,{"date":372,"score":96,"percentile":336},"2026-01-09",{"date":374,"score":96,"percentile":336},"2026-01-10",{"date":376,"score":96,"percentile":342},"2026-01-11",{"date":378,"score":96,"percentile":379},"2026-01-12",0.55223,{"date":381,"score":96,"percentile":382},"2026-01-13",0.55201,{"date":384,"score":96,"percentile":385},"2026-01-14",0.55248,{"date":387,"score":96,"percentile":388},"2026-01-15",0.5525,{"date":390,"score":96,"percentile":391},"2026-01-16",0.55272,{"date":393,"score":96,"percentile":394},"2026-01-17",0.55267,{"date":396,"score":397,"percentile":398},"2026-01-18",0.00338,0.56072,{"date":400,"score":397,"percentile":401},"2026-01-19",0.56063,{"date":403,"score":397,"percentile":404},"2026-01-20",0.56067,{"date":406,"score":397,"percentile":407},"2026-01-21",0.56071,{"date":409,"score":397,"percentile":398},"2026-01-22",{"date":411,"score":397,"percentile":412},"2026-01-23",0.56116,{"date":414,"score":397,"percentile":415},"2026-01-24",0.5612,{"date":417,"score":397,"percentile":418},"2026-01-25",0.56078,{"date":420,"score":96,"percentile":421},"2026-01-26",0.55253,{"date":423,"score":96,"percentile":424},"2026-01-27",0.55265,{"date":426,"score":96,"percentile":427},"2026-01-28",0.5528,{"date":429,"score":96,"percentile":430},"2026-01-29",0.55281,{"date":432,"score":96,"percentile":433},"2026-01-30",0.55287,{"date":435,"score":96,"percentile":436},"2026-01-31",0.55292,{"date":438,"score":348,"percentile":439},"2026-02-01",0.41299,[441,445,451],{"source":100,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":98,"baseSeverity":443,"vectorString":101,"impactScore":98,"exploitabilityScore":444},"CRITICAL",10,{"source":106,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":446,"cvss_v4_0":9},{"baseScore":447,"baseSeverity":448,"vectorString":449,"impactScore":450,"exploitabilityScore":444},7.3,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"source":107,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":452,"cvss_v4_0":456},{"baseScore":453,"baseSeverity":9,"vectorString":454,"impactScore":455,"exploitabilityScore":444},9.1,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",8.7,{"baseScore":457,"baseSeverity":9,"vectorString":458,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",[460,478],{"ecosystem":9,"name":461,"vendor":462,"product":463,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"Django","djangoproject","django","a",[466,474],{"version":467,"is_range":468,"range_type":469,"version_start":470,"version_start_type":471,"version_end":472,"version_end_type":473,"fixed_in":9},"gte4.2_lt4.2.15",true,"cpe","4.2","including","4.2.15","excluding",{"version":475,"is_range":468,"range_type":469,"version_start":476,"version_start_type":471,"version_end":477,"version_end_type":473,"fixed_in":9},"gte5.0_lt5.0.8","5.0","5.0.8",{"ecosystem":479,"name":463,"vendor":479,"product":463,"cpe_part":9,"purl_type":480,"purl_namespace":9,"purl_name":463,"source":9,"versions":481},"PyPI","pypi",[482,485],{"version":483,"is_range":468,"range_type":484,"version_start":476,"version_start_type":471,"version_end":477,"version_end_type":473,"fixed_in":9},"gte5_0_lt5_0_8","ecosystem",{"version":486,"is_range":468,"range_type":484,"version_start":470,"version_start_type":471,"version_end":472,"version_end_type":473,"fixed_in":9},"gte4_2_lt4_2_15"]