Lucene search
K

191 matches found

OSV
OSV
added 2026/03/06 12:41 p.m.7 views

OESA-2026-1507 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

8.5CVSS6.4AI score0.09436EPSS
Exploits2References6
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

Plane 访问控制错误漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained a access control vulnerability, which stemmed from incorrect configuration of the Django REST Framework’s permission classes. This allowed anonymous access to...

7.5CVSS5.8AI score0.00377EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/05 12:0 a.m.3 views

python311-Django4-4.2.29-1.1 on GA media (moderate)

python311-Django4-4.2.29-1.1 on GA media Announcement ID: openSUSE-SU-2026:10282-1 Rating: moderate Cross-References: CVE-2026-25674 CVSS scores: CVE-2026-25674 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-25674 SUSE : 6.3...

6.3CVSS6AI score0.00341EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.3, 5.2.12, and 4.2.29 contain security vulnerabilities. These...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, written in Django, and serves as a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities, which were caused by improper handling of cache key...

3.5CVSS5.8AI score0.00245EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, written in Django, and it’s a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities. These vulnerabilities were due to improper filtering of que...

4.3CVSS5.8AI score0.00257EPSS
Exploits1References2
OSV
OSV
added 2026/02/13 1:15 p.m.6 views

OESA-2026-1342 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...

7.5CVSS5.4AI score0.02143EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 3:49 p.m.3 views

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the band index parameter bandlhs in checkraster lookups when using PostGIS. An attacker can execute arbitrary S...

8.3CVSS6.7AI score0.09436EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.6 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2026-1287 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...

8.3CVSS7AI score0.00754EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...

5.3CVSS5.8AI score0.00713EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

Django 安全漏洞

Django is a set of open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...

5.4CVSS7.4AI score0.00802EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/01/08 1:51 p.m.160 views

Exploit for SQL Injection in Djangoproject Django

No d...

9.1CVSS7AI score0.19396EPSS
Exploits10
Fedora
Fedora
added 2025/12/18 1:12 a.m.18 views

[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

9.8CVSS7.9AI score0.19396EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2025/12/13 12:0 a.m.7 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2025-20153-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20153-1 advisory. - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 -...

9.1CVSS8.2AI score0.19396EPSS
Exploits10References8
OSV
OSV
added 2025/12/11 11:37 a.m.5 views

BIT-DJANGO-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 1:12 p.m.5 views

OESA-2025-2790 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/04 12:0 a.m.167 views

📄 Django 5.1.13 SQL Injection

Django version 5.1.13 suffers from a remote SQL injection vulnerability. Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link:...

9.1CVSS8.2AI score0.19396EPSS
Exploits10
Veracode
Veracode
added 2025/11/24 5:35 p.m.5 views

Directory Traversal

Django is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the django.utils.archive.extract function, which allows an attacker to supply archive files with paths crafted to share a prefix with the target directory, enabling partial traversal and unintende...

6.5CVSS7.2AI score0.0085EPSS
Exploits0References10Affected Software1
Snyk
Snyk
added 2025/11/05 3:47 p.m.11 views

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the connector argument in the QuerySet.filter, QuerySet.exclude, QuerySet.get, and Q objects. A dictionary usin...

9.1CVSS8.1AI score0.19396EPSS
Exploits10References2
NVD
NVD
added 2025/11/05 3:15 p.m.13 views

CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS0.19396EPSS
Exploits10References4
Rows per page
Query Builder