191 matches found
OESA-2026-1507 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
Plane 访问控制错误漏洞
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained a access control vulnerability, which stemmed from incorrect configuration of the Django REST Framework’s permission classes. This allowed anonymous access to...
python311-Django4-4.2.29-1.1 on GA media (moderate)
python311-Django4-4.2.29-1.1 on GA media Announcement ID: openSUSE-SU-2026:10282-1 Rating: moderate Cross-References: CVE-2026-25674 CVSS scores: CVE-2026-25674 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-25674 SUSE : 6.3...
Django 安全漏洞
Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.3, 5.2.12, and 4.2.29 contain security vulnerabilities. These...
wger 安全漏洞
WGER is an open-source project developed by the WGER Team, written in Django, and serves as a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities, which were caused by improper handling of cache key...
wger 安全漏洞
WGER is an open-source project developed by the WGER Team, written in Django, and it’s a self-hosted FLOSS fitness/exercise, nutrition, and weight tracking application. Versions of WGER 2.4 and earlier contained security vulnerabilities. These vulnerabilities were due to improper filtering of que...
OESA-2026-1342 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...
SQL Injection
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the band index parameter bandlhs in checkraster lookups when using PostGIS. An attacker can execute arbitrary S...
cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2026-1287 via django (>=5.2.0 <=5.2.10)
django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...
Django 安全漏洞
Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...
Django 安全漏洞
Django is a set of open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...
Exploit for SQL Injection in Djangoproject Django
No d...
[SECURITY] Fedora 42 Update: python-django4.2-4.2.27-1.fc42
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2025-20153-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20153-1 advisory. - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 -...
BIT-DJANGO-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
OESA-2025-2790 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...
📄 Django 5.1.13 SQL Injection
Django version 5.1.13 suffers from a remote SQL injection vulnerability. Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link:...
Directory Traversal
Django is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the django.utils.archive.extract function, which allows an attacker to supply archive files with paths crafted to share a prefix with the target directory, enabling partial traversal and unintende...
SQL Injection
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the connector argument in the QuerySet.filter, QuerySet.exclude, QuerySet.get, and Q objects. A dictionary usin...
CVE-2025-64459
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...