Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000162 advisory. The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

6.1CVSS7AI score0.03328EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000160 advisory. An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution...

7.5CVSS7.4AI score0.01855EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-12308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the...

6.1CVSS6.9AI score0.02563EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/04/13 12:0 a.m.4 views

aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28346 via django (>=2.2.0 <=2.2.27)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28346 Source advisory: OSV:GHSA-2GWJ-7JMV-H26R...

9.8CVSS6.7AI score0.18516EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/04/12 5:15 a.m.4 views

aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28347 via django (>=2.2.0 <=2.2.27)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28347 Source advisory: OSV:PYSEC-2022-191...

9.8CVSS7AI score0.02919EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/04/12 5:15 a.m.4 views

aimmo (>=0.61.9 <=1.4.11), ambition-edc (>=0.3.68 <=0.3.72) +75 more potentially affected by CVE-2022-28346 via django (>=2.2.0 <=2.2.27)

django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2022-28346 Source advisory: OSV:PYSEC-2022-190...

9.8CVSS6.7AI score0.18516EPSS
Exploits3
PyPA
PyPA
added 2022/04/12 5:15 a.m.8 views

PYSEC-2022-190

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate, aggregate, and extra methods are subject to SQL injection in column aliases via a crafted dictionary with dictionary expansion as the passed kwargs...

9.8CVSS8AI score0.18516EPSS
Exploits3References6Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/01 1:15 p.m.3 views

ambition-edc (>=0.3.68 <=0.3.72), boorunaut (=0.4.3) +46 more potentially affected by CVE-2020-24584 via django (>=2.2.0 <=2.2.15)

django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =1.0.1, =0.0.1, =0.0.1, =2.0.0, =0.3.0a0, =0.4.0b1 - django-dicom =0.0.1 - django-gov-notify =0.1.0 - django-htmx-rest =0.0.1b1 - django-ios-storekit =1.0.6 and more Source cves: CVE-2020-24584 Source advisory: OSV:PYSEC-2020-34...

7.5CVSS7AI score0.0327EPSS
Exploits0
PyPA
PyPA
added 2020/02/03 12:15 p.m.9 views

PYSEC-2020-35

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...

9.8CVSS7.9AI score0.65336EPSS
Exploits9References13Affected Software1
OSV
OSV
added 2019/08/01 10:0 a.m.2 views

UBUNTU-CVE-2019-14233

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS6.8AI score0.03172EPSS
Exploits0References3
Rows per page
Query Builder