Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-5145
validators.URLValidator in Django 1.8.x prior to 1.8.3 allows remote malicious users to cause a denial of service (CPU consumption) via unspecified vectors.
Djangoproject Django 1.8.1
Djangoproject Django 1.8.2
Djangoproject Django 1.8.0
7.5
CVSSv3
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether ...
Djangoproject Django 2.0.1
Djangoproject Django 1.11.9
Djangoproject Django 2.0
Djangoproject Django 1.11.8
Canonical Ubuntu Linux 17.10
NA
CVE-2007-0404
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows malicious users to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
Django Project Django 0.95
NA
CVE-2007-0405
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.
Django Project Django 0.95
NA
CVE-2007-5828
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote malicious users to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes ...
Django Project Django 0.96
5.4
CVSSv3
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an malicious user to execute arbitrary JavaScript code in the web browser of ...
Django-cms Django Cms
9.8
CVSSv3
CVE-2022-24840
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions before 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location onl...
Django-s3file Project Django-s3file
6.1
CVSSv3
CVE-2022-4595
A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the at...
Django-openipam Project Django-openipam
7.5
CVSSv3
CVE-2019-10682
django-nopassword prior to 5.0.0 stores cleartext secrets in the database.
Django-nopassword Project Django-nopassword
8.8
CVSSv3
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »