Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41323
In Django 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
Djangoproject Django
NA
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 prior to 2.5.1 and 2.6.x prior to 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
Django-mfa2 Project Django-mfa2
NA
CVE-2022-36359
An issue exists in the HTTP FileResponse class in Django 3.2 prior to 3.2.15 and 4.0 prior to 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied i...
Djangoproject Django
Debian Debian Linux 11.0
NA
CVE-2018-25045
Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Django-rest-framework Django Rest Framework
NA
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confiden...
Redhat Openstack 16.2
670
VMScore
CVE-2022-34265
An issue exists in Django 3.2 prior to 3.2.14 and 4.0 prior to 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list ...
Djangoproject Django
8 Github repositories
668
VMScore
CVE-2022-32996
The django-navbar-client package of v0.9.50 to v1.0.1 exists to contain a code execution backdoor via the request package. This vulnerability allows malicious users to access sensitive user information and digital currency keys, as well as escalate privileges.
Pypi Django-navbar-client
668
VMScore
CVE-2022-24840
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions before 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location onl...
Django-s3file Project Django-s3file
578
VMScore
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
670
VMScore
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »