CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...

5.3CVSS7.7AI score0.13969EPSS

Exploits0References3

NVD•added 2025/04/02 1:15 p.m.•20 views

CVE-2025-27556

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...

7.5CVSS0.00859EPSS

Exploits1References4

OSV•added 2025/01/14 7:15 p.m.•10 views

CVE-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

7.5CVSS5.5AI score

Exploits0References5

OSV•added 2024/03/20 3:35 a.m.•10 views

MGASA-2024-0075 Updated python-django package fixes a security vulnerability

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template filter are subject to a potential regular expression denial-of-service attack via a crafted string. CVE-2024-27351...

5.3CVSS6.5AI score0.01854EPSS

Exploits0References2

Github Security Blog•added 2022/10/16 12:0 p.m.•26 views

Django denial-of-service vulnerability in internationalized URLs

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression...

7.5CVSS7.4AI score0.0272EPSS

Exploits0References15Affected Software1

UbuntuCve•added 2020/09/01 10:0 a.m.•34 views

CVE-2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ is used. FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level...

7.5CVSS7.1AI score0.03969EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by