10 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000162 advisory. The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000160)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000160 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution...
Linux Distros Unpatched Vulnerability : CVE-2019-12308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28346 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28346 Source advisory: OSV:GHSA-2GWJ-7JMV-H26R...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:PYSEC-2022-191...
aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28346 via django (>=2.2.0 <=2.2.27)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28346 Source advisory: OSV:PYSEC-2022-190...
PYSEC-2022-190
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...
ambition-edc (>=0.3.68 <=0.3.72), boorunaut (=0.4.3) +46 more potentially affected by CVE-2020-24584 via django (>=2.2.0 <=2.2.15)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =1.0.1, =0.0.1, =0.0.1, =2.0.0, =0.3.0a0, =0.4.0b1 - django-dicom =0.0.1 - django-gov-notify =0.1.0 - django-htmx-rest =0.0.1b1 - django-ios-storekit =1.0.6 and more Source cves: CVE-2020-24584 Source advisory: OSV:PYSEC-2020-34...
PYSEC-2020-35
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
UBUNTU-CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...