
167 matches found

PyPA
added 5 days ago, 6 views

PYSEC-2026-201

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

CVSS 5.3 | AI score 5.4 | EPSS 0.00038
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 5 days ago, 3 views

PYSEC-2026-198

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVSS 5.3 | AI score 5.4 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected Software: 1

OPENSUSE Linux
added 2026/04/17 12:00 a.m., 5 views

python311-Django-5.2.13-1.1 on GA media (moderate)

python311-Django-5.2.13-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10567-1
Rating: moderate
Cross-References: CVE-2026-33033 CVE-2026-33034 CVE-2026-3902 CVE-2026-4277 CVE-2026-4292
CVSS scores: CVE-2026-33033 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-33033 SUSE : 6....

CVSS 6.9 | AI score 5.8 | EPSS 0.00049
Exploits: 1

NVD
added 2026/03/26 7:17 p.m., 3 views

CVE-2026-33149

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.buildabsoluteu...

CVSS 8.1 | EPSS 0.00052
Exploits: 1 | References: 1

Tenable Nessus
added 2026/02/12 12:00 a.m., 4 views

SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2026:0440-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0440-1 advisory.
- CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403)
- CVE-2026-1312: Fixed potenti...

CVSS 7.5 | AI score 5.9 | EPSS 0.06568
Exploits: 2 | References: 19

OPENSUSE Linux
added 2026/01/04 12:00 a.m., 8 views

python312-Django6-6.0-1.1 on GA media (moderate)

python312-Django6-6.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10005-1
Rating: moderate
Cross-References: CVE-2015-3982 CVE-2015-5145 CVE-2015-5963 CVE-2016-7401 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-16984 CVE-2018-6188 CVE-2018-7536 CVE-2018-7537 CVE-2019-11358...

CVSS 9.8 | AI score 8.2 | EPSS 0.92834
Exploits: 45

OSV
added 2025/12/12 12:21 p.m., 2 views

OESA-2025-2849 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 4.3 | AI score 7.9 | EPSS 0.00006
Exploits: 0 | References: 2

OSV
added 2025/11/14 12:39 p.m., 6 views

OESA-2025-2679 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

CVSS 9.1 | AI score 7.8 | EPSS 0.00296
Exploits: 11 | References: 3

OSV
added 2025/11/07 12:00 a.m., 2 views

OPENSUSE-SU-2025:15712-1 python311-Django-5.2.8-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.8-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.1 | AI score 7.1 | EPSS 0.00296
Exploits: 10 | References: 1

OSV
added 2025/10/11 1:20 p.m., 2 views

OESA-2025-2378 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to S...

CVSS 9.8 | AI score 7.9 | EPSS 0.00019
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/09 8:57 p.m., 2 views

CVE-2025-61783 Python Social Auth - Django has unsafe account association

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. This could lead to account compromise when a third-party authentication service doe...

CVSS 6.3 | AI score 6.5 | EPSS 0.00081
Exploits: 0 | References: 6

RedHat Linux
added 2025/10/07 2:28 p.m., 9 views

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-django) security update

An update for python-django is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.1 | AI score 7.5 | EPSS 0.00074
Exploits: 4 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-0003

Malware in sbrugna...

CVSS 5.8 | AI score 6.1 | EPSS 0.00383
Exploits: 0 | References: 17

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-0010

Malware in sbrugna...

CVSS 7.8 | AI score 6.1 | EPSS 0.00787
Exploits: 0 | References: 13

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-0006

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01227
Exploits: 0 | References: 20

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-0041

Malware in sbrugna...

CVSS 6.5 | AI score 7 | EPSS 0.01439
Exploits: 0 | References: 20

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-0012

Malware in sbrugna...

CVSS 5 | AI score 7.3 | EPSS 0.04693
Exploits: 0 | References: 26

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-0008

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.00635
Exploits: 0 | References: 15

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-0003

Malware in sbrugna...

CVSS 5.8 | AI score 6.1 | EPSS 0.01195
Exploits: 0 | References: 16

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-0018

Malware in sbrugna...

CVSS 4.3 | AI score 6 | EPSS 0.02884
Exploits: 0 | References: 22