Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.8 views

Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.3 views

CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

5.9AI score0.00689EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.7 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1287 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1287 Source advisory: SNYK:PYTHON-DJANGO-15198932...

8.3CVSS7.2AI score0.00754EPSS
Exploits0
OSV
OSV
added 2026/02/03 3:30 p.m.3 views

GHSA-6426-9FV3-65X8 Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.4CVSS7.1AI score0.00802EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2026/02/03 3:30 p.m.8 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2025-13473 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-13473 Source advisory: OSV:GHSA-2MCM-79HX-8FXW...

5.3CVSS5.8AI score0.00713EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000172)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000172 advisory. An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential...

7.5CVSS7AI score0.01606EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.5 views

TencentOS Server 4: python-django (TSSA-2025:0857)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0857 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS6.6AI score0.01854EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/05/08 4:17 a.m.5 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +110 more potentially affected by CVE-2025-32873 via django (>=4.2.0 <=4.2.20)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-32873 Source advisory: OSV:PYSEC-2025-37...

5.3CVSS6.7AI score0.14243EPSS
Exploits0
Rows per page
Query Builder