Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2022-22818
The {% debug %} template tag in Django 2.2 prior to 2.2.27, 3.2 prior to 3.2.12, and 4.0 prior to 4.0.2 does not properly encode the current context. This may lead to XSS.
Djangoproject Django
Fedoraproject Fedora 35
Debian Debian Linux 11.0
446
VMScore
CVE-2022-23833
An issue exists in MultiPartParser in Django 2.2 prior to 2.2.27, 3.2 prior to 3.2.12, and 4.0 prior to 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Djangoproject Django
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0
357
VMScore
CVE-2022-21683
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads....
Torchbox Wagtail
312
VMScore
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an malicious user to execute arbitrary JavaScript code in the web browser of ...
Django-cms Django Cms
445
VMScore
CVE-2021-45115
An issue exists in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where acc...
Djangoproject Django
Fedoraproject Fedora 35
445
VMScore
CVE-2021-45116
An issue exists in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method ...
Djangoproject Django
Fedoraproject Fedora 35
445
VMScore
CVE-2021-45452
Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Djangoproject Django
Fedoraproject Fedora 35
1 Github repository
445
VMScore
CVE-2021-43410
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https:/...
Apache Airavata Django Portal
668
VMScore
CVE-2021-44420
In Django 2.2 prior to 2.2.25, 3.1 prior to 3.1.14, and 3.2 prior to 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Djangoproject Django
Redhat Satellite 6.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 35
605
VMScore
CVE-2021-3994
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »