Django Weblog: Django security releases issued: 5.2.7, 5.1.13, and 4.2.25
The Django team is releasing new versions to address critical security vulnerabilities: Django 5.2.7, 5.1.13, and 4.2.25. One high-severity issue, CVE-2025-59681, is a potential SQL injection in specific QuerySet methods on MySQL and MariaDB, reachable through crafted column aliases. The second, CVE-2025-59682, is a low-severity partial directory traversal in the archive.extract() function when custom templates are used for startapp and startproject. Patches have been applied to the affected Django branches. Users are strongly advised to upgrade to the newly released versions as soon as possible. The Django security policy outlines how to report potential issues privately. The release is signed with Jacob Walls's PGP key, ID 131403F4D16D8DC7.
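As an added defender-side check (not part of the Django announcement or Django's own code): the snippet below compares an installed Django version string against the fixed releases named above, and rejects untrusted column-alias names before a dict is expanded as keyword arguments into a QuerySet method such as annotate(). The identifier regex is an assumed whitelist policy, not Django's validation, and the rule that branches newer than those listed already carry the fix is likewise an assumption.

```python
import re

# Fixed versions named in the announcement, keyed by release branch.
FIXED_VERSIONS = {
    (5, 2): (5, 2, 7),
    (5, 1): (5, 1, 13),
    (4, 2): (4, 2, 25),
}


def parse_version(text: str) -> tuple:
    """Turn '5.2.6' into (5, 2, 6); a missing patch number counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Django version: {text!r}")
    return tuple(int(p) for p in m.groups("0"))


def is_patched(version_text: str) -> bool:
    """True if this Django version carries the fixes for CVE-2025-59681/59682."""
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        # Branch not listed: assume newer branches postdate the fix and
        # older, out-of-support branches never received it.
        return (major, minor) > max(FIXED_VERSIONS)
    return (major, minor, patch) >= fixed


# Assumed policy: a column alias must look like a plain Python/SQL identifier.
# Anything else (quotes, spaces, punctuation) is refused before it can reach
# the ORM as a keyword-argument name.
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def alias_is_safe(name: object) -> bool:
    """True only for str keys that are bare identifiers."""
    return isinstance(name, str) and ALIAS_RE.fullmatch(name) is not None


def safe_aliases(untrusted: dict) -> dict:
    """Return a copy of `untrusted` if every key is a safe alias, else raise.

    Intended use: qs.annotate(**safe_aliases(request_supplied_dict)).
    """
    bad = [k for k in untrusted if not alias_is_safe(k)]
    if bad:
        raise ValueError(f"refusing column aliases: {bad!r}")
    return dict(untrusted)
```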