Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-33203
Django prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admind...
Djangoproject Django
Fedoraproject Fedora 35
445
VMScore
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
383
VMScore
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
445
VMScore
CVE-2021-31542
In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
356
VMScore
CVE-2020-15225
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input ...
Django-filter Project Django-filter
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
312
VMScore
CVE-2021-29434
Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin...
668
VMScore
CVE-2021-30459
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar prior to 1.11.1, 2.x prior to 2.2.1, and 3.x prior to 3.2.1 allows malicious users to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.
445
VMScore
CVE-2021-28658
In Django 2.2 prior to 2.2.20, 3.0 prior to 3.0.14, and 3.1 prior to 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
312
VMScore
CVE-2021-21416
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration before 3.1.2, the base user-account registration view did not properl...
Django-registration Project Django-registration
445
VMScore
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents ...
Openmicroscopy Omero.web
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »