SUSE CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

PT-2026-37127

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.17.1 Description When a user changes their password, browser sessions are invalidated using the cycle session keys function, but Django REST Framework DRF API tokens with the wlu prefix stored in authtoken token are...

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of BasicAuthentication as the default...

CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

GHSA-87X4-J8VH-P5QF Plane is Vulnerable to Unauthenticated Workspace Member Information Disclosure

Executive Summary A security vulnerability exists in the Plane project management platform that allows unauthenticated attackers to enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django RE...

OPENSUSE-SU-2026:10115-1 python311-djangorestframework-3.16.1-2.1 on GA media

These are all security issues fixed in the python311-djangorestframework-3.16.1-2.1 package on the GA media of openSUSE Tumbleweed...

EUVD-2020-0073

Malware in sbrugna...

EUVD-2022-6453

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-25626

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properl...

Linux Distros Unpatched Vulnerability : CVE-2018-25045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. CVE-2018-2504...

CVE-2018-25045

Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...

SUSE CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting XSS via the breaklongheaders template filter due to improper input sanitization before splitting and joining with tags...

SUSE CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...

alcali (>=2018.3.1 <=3006.3.0), arccanet (>=0.0.1 <=0.0.7) +68 more potentially affected by CVE-2024-22513 via djangorestframework-simplejwt (>=4.3.0 <=5.5.0)

djangorestframework-simplejwt PYPI version =4.3.0, =2018.3.1, =0.0.1, =0.0.6, =0.0.8, =1.0.0, =0.0.3, =1.0.0, =0.1.7, =0.4.0, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =0.2.1, =1.0.0, =1.3.8 and more Source cves: CVE-2024-22513 Source advisory: OSV:GHSA-5VCC-86WM-547Q...

Simple JWT Security Vulnerability

Simple JWT is Jazzband open source a JSON Web Token authentication plugin for Django REST Framework. Simple JWT version 5.3.1 and earlier versions have a security vulnerability , the vulnerability stems from the lack of user authentication checks through the foruser method . An attacker can explo...

SUSE CVE-2018-25045

Django REST framework aka django-rest-framework before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping...

SUSE CVE-2020-25626

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...