Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
9.6
CVSSv3
CVE-2021-3994
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
5.5
CVSSv3
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
NA
CVE-2015-3982
The session.flush function in the cached_db backend in Django 1.8.x prior to 1.8.2 does not properly flush the session, which allows remote malicious users to hijack user sessions via an empty string in the session key.
Djangoproject Django 1.8.0
Djangoproject Django 1.8.1
6.1
CVSSv3
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
Django-epiceditor Project Django-epiceditor 0.2.3
NA
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 prior to 1.0.4 and 1.1 prior to 1.1.1 allows remote malicious users to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amou...
Djangoproject Django 1.0
Djangoproject Django 1.1
NA
CVE-2010-3082
Cross-site scripting (XSS) vulnerability in Django 1.2.x prior to 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Djangoproject Django 1.2.2
Djangoproject Django 1.2.1
6.1
CVSSv3
CVE-2018-25045
Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Django-rest-framework Django Rest Framework
6.1
CVSSv3
CVE-2019-15486
django-js-reverse (aka Django JS Reverse) prior to 0.9.1 has XSS via js_reverse_inline.
Django Js Reverse Project Django Js Reserve
7.5
CVSSv3
CVE-2020-17495
django-celery-results up to and including 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Django-celery-results Project Django-celery-results
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »