Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-13177
verification.py in django-rest-registration (aka Django REST Registration library) prior to 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote malicious users to spoof the verification process. This occurs because incorre...
Django-rest-registration Project Django-rest-registration
7.5
CVSSv3
CVE-2020-17495
django-celery-results up to and including 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Django-celery-results Project Django-celery-results
9.8
CVSSv3
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigge...
Django Make App Project Django Make App 0.1.3
9.8
CVSSv3
CVE-2023-31047
In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file wa...
Djangoproject Django 4.2
Djangoproject Django
Fedoraproject Fedora 38
5.4
CVSSv3
CVE-2020-15105
Django Two-Factor Authentication prior to 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by enterin...
Django Two-factor Authentication Project Django Two-factor Authentication
6.1
CVSSv3
CVE-2022-4589
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched rem...
Django Terms And Conditions Project Django Terms And Conditions
9.1
CVSSv3
CVE-2018-6596
webhooks/base.py in Anymail (aka django-anymail) prior to 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote malicious users to post arbitrary e-mail tracking events.
Django-anymail Project Django-anymail
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2020-15225
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input ...
Django-filter Project Django-filter
Fedoraproject Fedora 34
Fedoraproject Fedora 35
1 Github repository
2.4
CVSSv3
CVE-2020-4071
In django-basic-auth-ip-whitelist prior to 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones p...
Django-basic-auth-ip-whitelist Project Django-basic-auth-ip-whitelist
7.5
CVSSv3
CVE-2023-46695
An issue exists in Django 3.2 prior to 3.2.23, 4.1 prior to 4.1.13, and 4.2 prior to 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very...
Djangoproject Django
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »