Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
djangoproject vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-28347
A SQL injection issue exists in QuerySet.explain() in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
Djangoproject Django
Debian Debian Linux 11.0
2 Github repositories
5.3
CVSSv3
CVE-2021-3281
In Django 2.2 prior to 2.2.18, 3.0 prior to 3.0.12, and 3.1 prior to 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths wi...
Djangoproject Django
Fedoraproject Fedora 33
Netapp Snapcenter -
1 Github repository
5.3
CVSSv3
CVE-2021-28658
In Django 2.2 prior to 2.2.20, 3.0 prior to 3.0.14, and 3.1 prior to 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
6.1
CVSSv3
CVE-2022-22818
The {% debug %} template tag in Django 2.2 prior to 2.2.27, 3.2 prior to 3.2.12, and 4.0 prior to 4.0.2 does not properly encode the current context. This may lead to XSS.
Djangoproject Django
Fedoraproject Fedora 35
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2018-14574
django.middleware.common.CommonMiddleware in Django 1.11.x prior to 1.11.15 and 2.0.x prior to 2.0.8 has an Open Redirect.
Djangoproject Django
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
7.5
CVSSv3
CVE-2021-31542
In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2022-23833
An issue exists in MultiPartParser in Django 2.2 prior to 2.2.27, 3.2 prior to 3.2.12, and 4.0 prior to 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Djangoproject Django
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2019-14234
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, w...
Djangoproject Django
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv3
CVE-2023-36053
In Django 3.2 prior to 3.2.20, 4 prior to 4.1.10, and 4.2 prior to 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Djangoproject Django
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »