Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject django vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2011-0698
Directory traversal vulnerability in Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 on Windows might allow remote malicious users to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Djangoproject Django 1.1.0
Djangoproject Django 1.1.2
Djangoproject Django 1.1
Djangoproject Django 1.1.3
Djangoproject Django 1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
605
VMScore
CVE-2011-4140
The CSRF protection mechanism in Django up to and including 1.2.7 and 1.3.x up to and including 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote malicious users to trigger unauthenticated forged requests via vect...
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
605
VMScore
CVE-2011-0696
Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a &q...
Djangoproject Django 1.1.2
Djangoproject Django 1.1.3
Djangoproject Django 1.1
Djangoproject Django 1.1.0
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2
584
VMScore
CVE-2020-9402
Django 1.11 prior to 1.11.29, 2.2 prior to 2.2.11, and 3.0 prior to 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was p...
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Netapp Steelstore Cloud Integrated Storage -
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
570
VMScore
CVE-2014-1418
Django 1.4 prior to 1.4.13, 1.5 prior to 1.5.8, 1.6 prior to 1.6.5, and 1.7 prior to 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote malicious users to obtain sensitive information or poison the cache via a reques...
Djangoproject Django 1.7
Djangoproject Django 1.4.12
Djangoproject Django 1.4.2
Djangoproject Django 1.4.4
Djangoproject Django 1.4
Djangoproject Django 1.4.1
Djangoproject Django 1.4.7
Djangoproject Django 1.4.8
Djangoproject Django 1.4.5
Djangoproject Django 1.4.6
Djangoproject Django 1.4.10
Djangoproject Django 1.4.11
Djangoproject Django 1.4.9
Djangoproject Django 1.5.7
Djangoproject Django 1.5.6
Djangoproject Django 1.5.3
Djangoproject Django 1.5.4
Djangoproject Django 1.5
Djangoproject Django 1.5.5
Djangoproject Django 1.5.1
Djangoproject Django 1.5.2
Canonical Ubuntu Linux 12.04
570
VMScore
CVE-2012-4520
The django.http.HttpRequest.get_host function in Django 1.3.x prior to 1.3.4 and 1.4.x prior to 1.4.2 allows remote malicious users to generate and display arbitrary URLs via crafted username and password Host header values.
Djangoproject Django 1.3.2
Djangoproject Django 1.3.3
Djangoproject Django 1.3
Djangoproject Django 1.3.1
Djangoproject Django 1.4
Djangoproject Django 1.4.1
534
VMScore
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
534
VMScore
CVE-2014-0482
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django prior to 1.4.14, 1.5.x prior to 1.5.9, 1.6.x prior to 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web s...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Djangoproject Django 1.6
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.3
Djangoproject Django 1.6.4
Djangoproject Django 1.6.5
Djangoproject Django 1.4
Djangoproject Django 1.4.1
Djangoproject Django 1.4.5
Djangoproject Django 1.4.6
Djangoproject Django 1.4.10
Djangoproject Django 1.4.11
Djangoproject Django 1.4.7
Djangoproject Django 1.4.8
Djangoproject Django 1.4.12
Djangoproject Django
Djangoproject Django 1.4.9
Djangoproject Django 1.4.2
Djangoproject Django 1.4.4
Djangoproject Django 1.7
520
VMScore
CVE-2018-14574
django.middleware.common.CommonMiddleware in Django 1.11.x prior to 1.11.15 and 2.0.x prior to 2.0.8 has an Open Redirect.
Djangoproject Django
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
517
VMScore
CVE-2017-7234
A maliciously crafted URL to a Django (1.10 prior to 1.10.7, 1.9 prior to 1.9.13, and 1.8 prior to 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Djangoproject Django 1.8.2
Djangoproject Django 1.8.3
Djangoproject Django 1.8.10
Djangoproject Django 1.8.11
Djangoproject Django 1.8.0
Djangoproject Django 1.9.4
Djangoproject Django 1.9.5
Djangoproject Django 1.10.1
Djangoproject Django 1.10.2
Djangoproject Django 1.9
Djangoproject Django 1.9.1
Djangoproject Django 1.8.4
Djangoproject Django 1.8.5
Djangoproject Django 1.8.12
Djangoproject Django 1.8.13
Djangoproject Django 1.9.6
Djangoproject Django 1.9.7
Djangoproject Django 1.10.3
Djangoproject Django 1.10.4
Djangoproject Django 1.9.2
Djangoproject Django 1.9.8
Djangoproject Django 1.8.1
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »