Lucene search
K

15 matches found

vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.7 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...

3.1CVSS5.7AI score0.00359EPSS
Exploits0
NVD
NVD
added 2026/06/03 2:16 p.m.25 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 2:50 p.m.28 views

CVE-2026-6907

The CVE affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. The vulnerability lies in django.middleware.cache.UpdateCacheMiddleware, which may cache requests when the Vary header contains an asterisk (*) and thereby expose private data. This could cause private data to be stored and subsequent...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 2:50 p.m.52 views

CVE-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS0.00358EPSS
Exploits0References3
OSV
OSV
added 2026/03/06 12:41 p.m.5 views

OESA-2026-1506 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

3.7CVSS5.8AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 12:39 p.m.7 views

OESA-2025-2680 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

9.1CVSS7.9AI score0.19396EPSS
Exploits11References3
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-24580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs e.g., an...

7.5CVSS6.2AI score0.62575EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 4:17 a.m.3 views

DEBIAN-CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...

5.3CVSS6.6AI score0.13969EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-6975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the...

7.5CVSS7.3AI score0.05399EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3730

The django.util.http.issafeurl function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."...

4.3CVSS7AI score0.03123EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.5 views

Django 安全漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, a view system, a template system, and more. A security vulnerability exists in Django versions 3.2 prior to 3.2.15 and 4.0 prior to 4.0.7...

8.8CVSS7.8AI score0.00654EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2022/01/12 7:21 p.m.4 views

ae-django-utils (=0.3.1), apollo-sdk (>=0.2.0 <=0.2.11) +32 more potentially affected by CVE-2021-45116 via django (>=4.0.0 <=4.0.0rc1)

django PYPI version =4.0.0, =0.2.0, =0.6.1, =2.16.1, =0.1.5, =1.0.7, =0.9.0, =0.4.0, =0.1.0, =0.1.1 and more Source cves: CVE-2021-45116 Source advisory: OSV:GHSA-8C5J-9R9F-C6W8...

7.5CVSS7AI score0.01855EPSS
Exploits0
OSV
OSV
added 2021/07/02 10:15 a.m.4 views

PYSEC-2021-109

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...

9.8CVSS7.2AI score0.44369EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2021/06/08 6:15 p.m.9 views

aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1094 more potentially affected by CVE-2021-33571 via django (>=3.2.0 <=3.2.3)

django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-33571 Source advisory: OSV:PYSEC-2021-99...

7.5CVSS7.1AI score0.03058EPSS
Exploits0
OSV
OSV
added 2019/08/02 3:15 p.m.2 views

DEBIAN-CVE-2019-14235

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...

7.5CVSS6.8AI score0.03073EPSS
Exploits0References1
Rows per page
Query Builder