Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
NA
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 prior to 1.0.4 and 1.1 prior to 1.1.1 allows remote malicious users to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amou...
Djangoproject Django 1.0
Djangoproject Django 1.1
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
6.1
CVSSv3
CVE-2019-12308
An issue exists in Django 1.11 prior to 1.11.21, 2.1 prior to 2.1.9, and 2.2 prior to 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or...
Djangoproject Django
9.8
CVSSv3
CVE-2022-34265
An issue exists in Django 3.2 prior to 3.2.14 and 4.0 prior to 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list ...
Djangoproject Django
8 Github repositories
7.5
CVSSv3
CVE-2023-46695
An issue exists in Django 3.2 prior to 3.2.23, 4.1 prior to 4.1.13, and 4.2 prior to 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very...
Djangoproject Django
7.5
CVSSv3
CVE-2022-41323
In Django 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
Djangoproject Django
NA
CVE-2011-4103
emitters.py in Django Piston prior to 0.2.3 and 0.2.x prior to 0.2.2.1 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Piston
NA
CVE-2011-4104
The from_yaml method in serializers.py in Django Tastypie prior to 0.9.10 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Tastypie
9.8
CVSSv3
CVE-2020-7471
Django 1.11 prior to 1.11.28, 2.2 prior to 2.2.10, and 3.0 prior to 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a s...
Djangoproject Django
11 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »