25 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006304)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006304 advisory. An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText...
OESA-2026-1342 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...
Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer...
[SECURITY] [DLA 4425-1] python-django security update
Debian LTS Advisory DLA-4425-1 https://www.debian.org/lts/security/ Chris Lamb December 29, 2025 https://wiki.debian.org/LTS ...
Fedora 42 : python-django4.2 (2025-b1379d950d)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1379d950d advisory. - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service...
Fedora 43 : python-django5 (2025-24dfd3b072)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-24dfd3b072 advisory. - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service...
Fedora 42 : python-django5 (2025-45ee190318)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-45ee190318 advisory. - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient processing in django.core.serializers.xml_serializer.getInnerText when handling specially crafted XML input, which allows a remote attacker to trigger CPU and memory exhaustion through the XML Deserializer...
CVE-2025-64460
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer. Mitigation Mitigatio...
OESA-2025-2851 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...
OESA-2025-2850 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...
OESA-2025-2789 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...
OESA-2025-2790 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...
SUSE CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
Linux Distros Unpatched Vulnerability : CVE-2025-64460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in...
CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-64460
CVE-2025-64460 is a DoS in Django related to an algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText(), where a specially crafted XML input processed by the XML Deserializer can exhaust CPU and memory. Affected series include Django 5.2 before 5.2.9, 5.1 before 5.1....