119 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux - vulnerability in python-django

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. Methods like QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are vulnerable to SQL injection when column aliases are used, especially when a properly crafted dictionary is passed...

CVSS 9.8 | AI score 7.2 | EPSS 0.00014
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/08 9:50 p.m., 1 view

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2026-39987 via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2026-39987 Source advisory: SNYK:PYTHON-MARIMO-15954201...

CVSS 9.8 | AI score 7.3 | EPSS 0.79886
Exploits: 11
vulnersOsv
added 2026/04/08 9:50 p.m., 1 view

click-clack (>=0.1.0 <=0.2.1), dr-widget (>=0.1.2 <=0.1.3) +7 more potentially affected by CVE-2025-39987 +1 more via marimo (>=0.10.19 <=0.21.1)

marimo PYPI version =0.10.19, =0.1.0, =0.1.2, =1.2.7, =2025.8.0, =0.1.1.dev1736307293, =0.1.1.dev1742453945 Source cves: CVE-2025-39987, CVE-2026-39987 Source advisory: OSV:GHSA-2679-6MX9-H9XC...

CVSS 9.8 | AI score 7.3 | EPSS 0.79886
Exploits: 11
RedHat Linux
added 2026/03/26 8:30 p.m., 3 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 5.4 | AI score 7.6 | EPSS 0.00011
Exploits: 0 | References: 7
Tenable Nessus
added 2026/03/26 12:00 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006300 advisory. An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a...

CVSS 8.1 | AI score 6 | EPSS 0.00074
Exploits: 4 | References: 4
RedHat Linux
added 2026/03/06 4:36 p.m., 2 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 5.4 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 7
Veracode
added 2026/02/11 8:38 a.m., 5 views

SQL Injection

Django is vulnerable to SQL injection. The vulnerability is due to improper handling of column aliases in FilteredRelation when using dictionary expansion kwargs, where crafted keys containing control characters can manipulate SQL generation in methods such as annotate, aggregate, extra, values,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2026/02/06 12:00 a.m., 3 views

Juniper Junos OS Vulnerability (JSA100096)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100096 advisory. - An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high...

CVSS 6.8 | AI score 5.6 | EPSS 0.00089
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/03 4:07 p.m., 2 views

CVE-2026-1287

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/03 2:36 p.m., 4 views

CVE-2026-1287

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

AI score 5.6 | EPSS 0.00011
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2026/01/15 1:34 p.m., 4 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper handling of column aliases in FilteredRelation when expanding user-controlled dictionaries passed to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject crafted SQL on PostgreSQL...

CVSS 4.3 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2025/12/13 11:36 a.m., 3 views

BIT-DJANGO-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.9 | EPSS 0.00006
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/12 4:00 p.m., 1 view

CVE-2025-13372

A flaw was found in Django. This vulnerability allows Structured Query Language SQL injection in column aliases via a suitably crafted dictionary with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Mitigation Mitigation for this issue is either no...

CVSS 4.3 | AI score 7.1 | EPSS 0.00006
Exploits: 0 | References: 6
OSV
added 2025/12/12 12:21 p.m., 2 views

OESA-2025-2849 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 4.3 | AI score 7.9 | EPSS 0.00006
Exploits: 0 | References: 2
OSV
added 2025/12/12 12:21 p.m., 1 view

OESA-2025-2848 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 4.3 | AI score 7.9 | EPSS 0.00006
Exploits: 0 | References: 2
OSV
added 2025/12/12 12:21 p.m., 2 views

OESA-2025-2847 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 4.3 | AI score 7.9 | EPSS 0.00006
Exploits: 0 | References: 2
EUVD
added 2025/12/02 6:30 p.m., 2 views

EUVD-2025-200249

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.4 | EPSS 0.00006
Exploits: 0 | References: 4
Github Security Blog
added 2025/12/02 6:30 p.m., 4 views

Django is vulnerable to SQL injection in column aliases

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 8 | EPSS 0.00006
Exploits: 0 | References: 10 | Affected Software: 1
PyPA
added 2025/12/02 4:15 p.m., 6 views

PYSEC-2025-104

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier,...

CVSS 4.3 | AI score 7.3 | EPSS 0.00006
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2025/12/02 4:15 p.m., 1 view

CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | EPSS 0.00006
Exploits: 0 | References: 3