Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the breaklongheaders template filter due to improper input sanitization before splitting and joining with <br> tags.
"https://github.com/pypa/advisory-database/blob/main/vulns/djangorestframework/PYSEC-2026-1304.yaml"