Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2011-4104
The from_yaml method in serializers.py in Django Tastypie prior to 0.9.10 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Tastypie
NA
CVE-2022-41323
In Django 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
Djangoproject Django
NA
CVE-2024-24680
An issue exists in Django 3.2 prior to 3.2.24, 4.2 prior to 4.2.10, and Django 5.0 prior to 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Djangoproject Django
1 Github repository
4
CVSSv2
CVE-2019-19118
Django 2.1 prior to 2.1.15 and 2.2 prior to 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, al...
Djangoproject Django
Fedoraproject Fedora 31
3 Github repositories
5
CVSSv2
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
5
CVSSv2
CVE-2019-14232
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic back...
Djangoproject Django
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-14233
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete H...
Djangoproject Django
Opensuse Leap 15.1
NA
CVE-2023-41164
In Django 3.2 prior to 3.2.21, 4.1 prior to 4.1.11, and 4.2 prior to 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Djangoproject Django
Fedoraproject Fedora 39
5
CVSSv2
CVE-2019-14235
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.
Djangoproject Django
Opensuse Leap 15.1
5
CVSSv2
CVE-2021-45452
Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Djangoproject Django
Fedoraproject Fedora 35
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »