
12 matches found

vulnersOsv
added 2026/04/07 3:30 p.m., 2 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4292 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4292 Source advisory: OSV:GHSA-MMWR-2JHP-MC7J...

CVSS 2.7, AI score 5.8, EPSS 0.00014
Exploits: 0
OSV
added 2026/03/04 12:0 a.m., 1 views

OPENSUSE-SU-2026:10282-1 python311-Django4-4.2.29-1.1 on GA media

These are all security issues fixed in the python311-Django4-4.2.29-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 3.7, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 1
EUVD
added 2026/02/03 2:35 p.m., 1 views

EUVD-2026-5251

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatechars_html and truncatewords_html template filters allow a remote attacker to cause a potential denial-of-service via...

CVSS 7.5, AI score 5.5, EPSS 0.00079
Exploits: 0, References: 3
vulnersOsv
added 2025/11/05 3:15 p.m., 3 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-64459 via django (>=4.2.0 <=4.2.25)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-64459 Source advisory: OSV:PYSEC-2025-108...

CVSS 9.1, AI score 7.2, EPSS 0.00296
Exploits: 10
CVE
added 2025/09/03 12:0 a.m., 58 views

CVE-2025-57833

CVE-2025-57833 affects Django 4.2 (pre-4.2.24), 5.1 (pre-5.1.12), and 5.2 (pre-5.2.6). The vulnerability arises in FilteredRelation where SQL injection can occur via column aliases when a crafted dictionary is expanded through **kwargs passed to QuerySet.annotate() or QuerySet.alias(). The issue ...

CVSS 8.1, AI score 7.4, EPSS 0.00074
Exploits: 4, References: 6, Affected Software: 1
Debian CVE
added 2024/08/07 12:0 a.m., 44 views

CVE-2024-42005

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...

CVSS 9.8, AI score 7.2, EPSS 0.00328
Exploits: 0
CNNVD
added 2024/07/10 12:0 a.m., 2 views

Django Security Vulnerabilities

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 4.2 up to and including version 4.2.14 and...

CVSS 7.5, AI score 6.5, EPSS 0.00304
Exploits: 0, References: 6
Tenable Nessus
added 2024/04/29 12:0 a.m., 25 views

Fedora 40 : python-django (2024-5c7fb64c74)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5c7fb64c74 advisory. Security fix for CVE-2024-24680 and CVE-2024-27351. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 7.5, AI score 6.8, EPSS 0.02611
Exploits: 0, References: 3
OpenVAS
added 2024/04/05 12:0 a.m., 24 views

Mageia: Security Advisory (MGASA-2024-0075)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 9.6, EPSS 0.02611
Exploits: 0, References: 3
OSV
added 2024/03/01 11:7 a.m., 1 views

OESA-2024-1229 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service...

CVSS 7.5, AI score 7, EPSS 0.01394
Exploits: 0, References: 2
OSV
added 2024/02/23 11:6 a.m., 1 views

OESA-2024-1165 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service...

CVSS 7.5, AI score 7, EPSS 0.01394
Exploits: 0, References: 2
SUSE CVE
added 2024/02/08 3:20 a.m., 1 views

SUSE CVE-2024-24680

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...

CVSS 7.5, AI score 7.7, EPSS 0.01394
Exploits: 0, References: 5