Vulmon
django vulnerabilities and exploits
VMScore: 445
CVE-2021-43410
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https:/...
Apache Airavata Django Portal
VMScore: 668
CVE-2022-32996
The django-navbar-client package, v0.9.50 to v1.0.1, contains a code execution backdoor via the request package. This vulnerability allows malicious users to access sensitive user information and digital currency keys, as well as escalate privileges.
Pypi Django-navbar-client
NA
CVE-2017-20182
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argum...
Mobilevikings Django Ajax Utilities
VMScore: 605
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
Micropyramid Django Crm 0.2.1
VMScore: 605
CVE-2018-16552
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
Micropyramid Django Crm 0.2
NA
CVE-2023-38941
django-sspanel v2022.2.2 contains a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.
Ehco1996 Django-sspanel 2022.2.2
VMScore: 670
CVE-2021-35042
Django 3.1.x prior to 3.1.13 and 3.2.x prior to 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
Djangoproject Django
Fedoraproject Fedora 34
9 Github repositories
VMScore: 445
CVE-2021-45116
An issue exists in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method ...
Djangoproject Django
Fedoraproject Fedora 35
VMScore: 356
CVE-2021-33203
Django prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admind...
Djangoproject Django
Fedoraproject Fedora 35
VMScore: 357
CVE-2019-19118
Django 2.1 prior to 2.1.15 and 2.2 prior to 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, al...
Djangoproject Django
Fedoraproject Fedora 31
3 Github repositories