{"package":"django-ses","ecosystem":"conda","latest_version":"3.1.0","description":"A Django email backend for Amazon's Simple Email Service","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/django-ses/django-ses","repository":"","downloads_weekly":206,"health":{"score":47,"risk":"high","breakdown":{"maintenance":5,"popularity":3,"security":25,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":0,"low":2,"details":[{"vuln_id":"CVE-2023-33185","severity":"low","summary":"Incorrect signature verification in django-ses","affected_versions":"<3.5.0|=0.1|=0.2|=0.3.0|=0.4.0|=0.4.1|=0.6.0|=0.7.0|=0.7.1|=0.8.0|=0.8.1|=0.8.10|=0.8.11|=0.8.12|=0.8.13|=0.8.14|=0.8.2|=0.8.3|=0.8.3.1|=0.8.4|=0.8.5|=0.8.6|=0.8.7|=0.8.8|=0.8.9|=1.0.0|=1.0.1|=1.0.2|=1.0.3|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.2.1|=2.2.2|=2.3.0|=2.3.1|=2.4.0|=2.5.0|=2.6.0|=2.6.1|=3.0.0|=3.0.1|=3.1.0|=3.1.2|=3.2.0|=3.2.1|=3.2.2|=3.3.0|=3.4.0|=3.4.1","fixed_version":"3.5.0","source":"osv","published_at":"2023-05-22T19:41:56Z","in_kev":false,"epss_prob":0.00073,"epss_percentile":0.2201,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-33185","severity":"unknown","summary":"Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. 
This issue was patched i","affected_versions":"<b71b5f413293a13997b6e6314086cb9c22629795|<3.5.0|=0.1|=0.2|=0.3.0|=0.4.0|=0.4.1|=0.6.0|=0.7.0|=0.7.1|=0.8.0|=0.8.1|=0.8.10|=0.8.11|=0.8.12|=0.8.13|=0.8.14|=0.8.2|=0.8.3|=0.8.3.1|=0.8.4|=0.8.5|=0.8.6|=0.8.7|=0.8.8|=0.8.9|=1.0.0|=1.0.1|=1.0.2|=1.0.3|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.2.1|=2.2.2|=2.3.0|=2.3.1|=2.4.0|=2.5.0|=2.6.0|=2.6.1|=3.0.0|=3.0.1|=3.1.0|=3.1.2|=3.2.0|=3.2.1|=3.2.2|=3.3.0|=3.4.0|=3.4.1","fixed_version":"3.5.0","source":"osv","published_at":"2023-05-26T21:15:00Z","in_kev":false,"epss_prob":0.00073,"epss_percentile":0.2201,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.1.0","total_count":20,"recent":["0.8.14","1.0.0","1.0.1","1.0.2","1.0.3","2.0.0","2.1.0","2.1.1","2.2.0","2.2.1","2.2.2","2.3.0","2.3.1","2.4.0","2.5.0","2.6.0","2.6.1","3.0.0","3.0.1","3.1.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-05-27 20:00:21.908000+00:00","last_published":"2025-04-22 14:57:27.070000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"3.1.0","version_hint":"Update to >= 3.5.0 to fix known vulnerabilities","summary":"django-ses@3.1.0 is safe to use (health: 47/100); caveat: 3.1.0 is in the affected range of CVE-2023-33185 (low, SESEventWebhookView signature verification), fixed in 3.5.0, which is newer than the latest conda version listed here (3.1.0)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":445,"_powered_by":"depscope.dev — free package intelligence for AI 
agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"aws-cdk.aws-autoscaling","occurrences":2},{"package":"debugpy","occurrences":2},{"package":"kernel-headers-conda-aarch64","occurrences":2},{"package":"mesa-libegl-cos7-x86_64","occurrences":2},{"package":"minio-client","occurrences":2}],"version_history_summary":{"total_versions":20,"first_release_age_days":2165,"last_release_days_ago":374,"avg_days_between_releases":114,"release_velocity":"stale"},"popularity_warning":{"this_ecosystem_downloads":206,"more_popular_in":{"ecosystem":"pypi","downloads_weekly":289437},"hint":"This is the conda package 'django-ses' (206 dl/week). A much more popular package with the same name exists in pypi (289,437 dl/week). Confirm you queried the right ecosystem."}}