Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-0846
django-markupfield prior to 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote malicious users to include and read arbitrary files via unspecified vectors.
Django-markupfield Project Django-markupfield
6.8
CVSSv2
CVE-2021-3994
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
5
CVSSv2
CVE-2015-3982
The session.flush function in the cached_db backend in Django 1.8.x prior to 1.8.2 does not properly flush the session, which allows remote malicious users to hijack user sessions via an empty string in the session key.
Djangoproject Django 1.8.0
Djangoproject Django 1.8.1
4.3
CVSSv2
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
Django-epiceditor Project Django-epiceditor 0.2.3
NA
CVE-2018-25045
Django REST framework (aka django-rest-framework) prior to 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
Django-rest-framework Django Rest Framework
6
CVSSv2
CVE-2016-2048
Django 1.9.x prior to 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
Djangoproject Django 1.9
Djangoproject Django 1.9.1
5
CVSSv2
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 prior to 1.0.4 and 1.1 prior to 1.1.1 allows remote malicious users to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amou...
Djangoproject Django 1.0
Djangoproject Django 1.1
4.3
CVSSv2
CVE-2010-3082
Cross-site scripting (XSS) vulnerability in Django 1.2.x prior to 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Djangoproject Django 1.2.2
Djangoproject Django 1.2.1
4.3
CVSSv2
CVE-2019-15486
django-js-reverse (aka Django JS Reverse) prior to 0.9.1 has XSS via js_reverse_inline.
Django Js Reverse Project Django Js Reserve
5
CVSSv2
CVE-2020-17495
django-celery-results up to and including 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Django-celery-results Project Django-celery-results
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »