Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-47115
Label Studio is an a popular open source data labeling tool. Versions before 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Ex...
Humansignal Label Studio
6.1
CVSSv3
CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execut...
Gofiber Django
4.3
CVSSv3
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e.,...
Networktocode Nautobot
5.3
CVSSv3
CVE-2023-50263
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x before 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...`...
Networktocode Nautobot
6.1
CVSSv3
CVE-2023-49277
dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an malicious user ...
Darrennathanael Dpaste
8.8
CVSSv3
CVE-2023-43791
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate t...
Humansignal Label Studio
7.5
CVSSv3
CVE-2023-41164
In Django 3.2 prior to 3.2.21, 4.1 prior to 4.1.11, and 4.2 prior to 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Djangoproject Django
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-43665
In Django 3.2 prior to 3.2.22, 4.1 prior to 4.1.12, and 4.2 prior to 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HT...
Djangoproject Django
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2023-46695
An issue exists in Django 3.2 prior to 3.2.23, 4.1 prior to 4.1.13, and 4.2 prior to 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very...
Djangoproject Django
6.5
CVSSv3
CVE-2023-46128
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords a...
Networktocode Nautobot
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »