Vulmon
django vulnerabilities and exploits
CVE-2019-6975 (CVSSv3: 7.5)
Django 1.11.x prior to 1.11.19, 2.0.x prior to 2.0.11, and 2.1.x prior to 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
Djangoproject Django
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Fedoraproject Fedora 28
Fedoraproject Fedora 29
3 Github repositories
CVE-2018-6188 (CVSSv3: 7.5)
django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether ...
Djangoproject Django 2.0.1
Djangoproject Django 1.11.9
Djangoproject Django 2.0
Djangoproject Django 1.11.8
Canonical Ubuntu Linux 17.10
CVE-2020-35681 (CVSSv3: 7.4)
Django Channels 3.x prior to 3.0.3 allows remote malicious users to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate...
Djangoproject Channels
CVE-2018-1000089 (CVSSv3: 7.4)
Anymail django-anymail version 0.2 up to and including 1.3 contains a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value that can result in an attacker with access to error logs being able to fabricate email tracking events. This attack appears to be exploitable...
Django-anymail Project Django-anymail
CVE-2016-2512 (CVSSv3: 7.4)
The utils.http.is_safe_url function in Django prior to 1.8.10 and 1.9.x prior to 1.9.3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authenticat...
Djangoproject Django 1.9
Djangoproject Django 1.9.2
Djangoproject Django 1.9.1
Djangoproject Django 1.8.9
CVE-2021-44420 (CVSSv3: 7.3)
In Django 2.2 prior to 2.2.25, 3.1 prior to 3.1.14, and 3.2 prior to 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Djangoproject Django
Redhat Satellite 6.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 35
CVE-2021-32831 (CVSSv3: 7.2)
Total.js framework (npm package total.js) is a framework for the Node.js platform written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
CVE-2023-46128 (CVSSv3: 6.5)
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords a...
Networktocode Nautobot
CVE-2023-28117 (CVSSv3: 6.5)
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions before 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry....
Sentry Sentry Software Development Kit
CVE-2022-1655 (CVSSv3: 6.5)
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confiden...
Redhat Openstack 16.2