Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-13177
verification.py in django-rest-registration (aka Django REST Registration library) prior to 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote malicious users to spoof the verification process. This occurs because incorre...
Django-rest-registration Project Django-rest-registration
8.8
CVSSv3
CVE-2020-5224
In Django User Sessions (django-user-sessions) prior to 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS v...
Django-user-sessions Project Django-user-sessions
9.8
CVSSv3
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigge...
Django Make App Project Django Make App 0.1.3
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
6.1
CVSSv3
CVE-2022-4589
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched rem...
Django Terms And Conditions Project Django Terms And Conditions
9.1
CVSSv3
CVE-2018-6596
webhooks/base.py in Anymail (aka django-anymail) prior to 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote malicious users to post arbitrary e-mail tracking events.
Django-anymail Project Django-anymail
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2020-15105
Django Two-Factor Authentication prior to 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by enterin...
Django Two-factor Authentication Project Django Two-factor Authentication
2.4
CVSSv3
CVE-2020-4071
In django-basic-auth-ip-whitelist prior to 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones p...
Django-basic-auth-ip-whitelist Project Django-basic-auth-ip-whitelist
6.5
CVSSv3
CVE-2020-15225
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input ...
Django-filter Project Django-filter
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
7.5
CVSSv3
CVE-2024-24680
An issue exists in Django 3.2 prior to 3.2.24, 4.2 prior to 4.2.10, and Django 5.0 prior to 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
Djangoproject Django
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »