Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
NA
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 prior to 1.0.4 and 1.1 prior to 1.1.1 allows remote malicious users to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amou...
Djangoproject Django 1.0
Djangoproject Django 1.1
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
4.9
CVSSv3
CVE-2018-16984
An issue exists in Django 2.1 prior to 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permiss...
Djangoproject Django
NA
CVE-2011-4103
emitters.py in Django Piston prior to 0.2.3 and 0.2.x prior to 0.2.2.1 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Piston
NA
CVE-2011-4104
The from_yaml method in serializers.py in Django Tastypie prior to 0.9.10 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Tastypie
7.5
CVSSv3
CVE-2023-46695
An issue exists in Django 3.2 prior to 3.2.23, 4.1 prior to 4.1.13, and 4.2 prior to 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very...
Djangoproject Django
7.5
CVSSv3
CVE-2022-41323
In Django 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
Djangoproject Django
7.5
CVSSv3
CVE-2024-24680
An issue exists in Django 3.2 prior to 3.2.24, 4.2 prior to 4.2.10, and Django 5.0 prior to 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Djangoproject Django
1 Github repository
9.8
CVSSv3
CVE-2022-34265
An issue exists in Django 3.2 prior to 3.2.14 and 4.0 prior to 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list ...
Djangoproject Django
8 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »