4 matches found
EUVD-2026-19646
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
django: Potential partial directory-traversal via archive.extract()
A flaw was found in Django. The django.utils.archive.extract function, used by startapp --template and startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...
The vulnerability of the contrib.postgres.aggregates.StringAgg component in the Django web application framework allows a hacker to access confidential data, compromise its integrity, and cause service failures due to improper handling of SQL queries.
The vulnerability of the contrib.postgres.aggregates.StringAgg component in the Django web application framework is related to the lack of measures to protect the structure of web pages. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the is_safe_url function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...