Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
5
CVSSv2
CVE-2021-31542
In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5
CVSSv2
CVE-2021-28658
In Django 2.2 prior to 2.2.20, 3.0 prior to 3.0.14, and 3.1 prior to 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents ...
Openmicroscopy Omero.web
5
CVSSv2
CVE-2021-3281
In Django 2.2 prior to 2.2.18, 3.0 prior to 3.0.12, and 3.1 prior to 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths wi...
Djangoproject Django
Fedoraproject Fedora 33
Netapp Snapcenter -
1 Github repository
5
CVSSv2
CVE-2020-24583
An issue exists in Django 2.2 prior to 2.2.16, 3.0 prior to 3.0.10, and 3.1 prior to 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to in...
Djangoproject Django
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Zfs Storage Appliance Kit 8.8
5
CVSSv2
CVE-2020-24584
An issue exists in Django 2.2 prior to 2.2.16, 3.0 prior to 3.0.10, and 3.1 prior to 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
Djangoproject Django
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Zfs Storage Appliance Kit 8.8
5
CVSSv2
CVE-2020-17495
django-celery-results up to and including 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Django-celery-results Project Django-celery-results
5
CVSSv2
CVE-2019-10682
django-nopassword prior to 5.0.0 stores cleartext secrets in the database.
Django-nopassword Project Django-nopassword
5
CVSSv2
CVE-2019-19844
Django prior to 1.11.27, 2.x prior to 2.2.9, and 3.x prior to 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an malicious user to be sent a passwo...
Djangoproject Django
Djangoproject Django 3.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
7 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »