An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnaGYtMzQ3eC1jMmdq

SQL Injection in django-debug-toolbar


With Django Debug Toolbar, attackers are able to execute SQL by changing the raw_sql input of the SQL explain, analyze or select forms and submitting the form.

NOTE: This is a high severity issue for anyone using the toolbar in a production environment.

Generally the Django Debug Toolbar team only maintains the latest version of django-debug-toolbar, but an exception was made because of the high severity of this issue.


Please upgrade to one of the following versions, depending on the major version you're using: 1.11.1, 2.2.1 or 3.2.1.

For more information

If you have any questions or comments about this advisory:

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 8 months ago

Identifiers: GHSA-pghf-347x-c2gj, CVE-2021-30459

Affected Packages

Versions: >= 2.0.0, < 2.2.1; >= 0.10.0, < 1.11.1; >= 3.0.0, < 3.2.1
Fixed in: 2.2.1, 1.11.1, 3.2.1
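
An added example (not part of the advisory or of the django-debug-toolbar project): a Python check that flags exact (==) pins of django-debug-toolbar in a requirements file when they fall inside the affected ranges listed above, and reports the fixed release for that series. The requirements text is constructed sample input, the function names are hypothetical, and only exact pins are evaluated.

```python
import re

# Affected ranges from this advisory: (first affected, first fixed release).
AFFECTED = [((0, 10, 0), (1, 11, 1)),
            ((2, 0, 0), (2, 2, 1)),
            ((3, 0, 0), (3, 2, 1))]

# name, optional [extras], then an exact "==" pin with a dotted numeric version
PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)")

def normalize(name):
    """PEP 503 normalization, so Django_Debug_Toolbar matches too."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """'3.2' -> (3, 2, 0); pads short versions so tuple comparison is fair."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def fixed_version_for(version):
    """Return the fixed release for an affected version, or None if unaffected."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None

def scan_requirements(text):
    """Return (line number, pinned version, fixed version) for affected pins."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and normalize(match.group(1)) == "django-debug-toolbar":
            fix = fixed_version_for(match.group(2))
            if fix:
                findings.append((lineno, match.group(2), fix))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
Django==3.1.7
django-debug-toolbar==3.2
Django_Debug_Toolbar==1.11
django-debug-toolbar==2.2.1
"""

if __name__ == "__main__":
    for lineno, pinned, fix in scan_requirements(SAMPLE):
        print(f"line {lineno}: django-debug-toolbar {pinned} is affected, upgrade to {fix}")
```

Range specifiers such as >= or ~= are not evaluated by this check; resolve those against the installed version instead.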