20 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in python-django

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. This issue arises due to the use of the Django Template Language's variable resolution logic. The dictsort template filter is potentially vulnerable to information disclosure, or an unintended method call...

CVSS 7.5 · AI score 7.1 · EPSS 0.00363
Exploits: 0 · References: 2
CVE
added 2026/04/17 9:16 p.m. · 11 views

CVE-2026-40353

CVE-2026-40353 affects wger (versions 2.5 and earlier) where AbstractLicenseModel.attribution_link builds HTML by directly interpolating user-controlled fields (e.g., license_author) without escaping, and templates render it with Django's safe filter. This allows an authenticated user to store an...

CVSS 5.4 · AI score 5.7 · EPSS 0.00014
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2026/04/16 12:00 a.m. · 2 views

PT-2026-33300

Stored XSS via Unescaped License Attribution Fields. Summary: The AbstractLicenseModel.attribution_link property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields license_author, license_title, license_object_url, license_author_url, license_derivative...

CVSS 5.1 · AI score 6 · EPSS 0.00014
Exploits: 1 · References: 7
OSV
added 2026/03/31 3:33 p.m. · 3 views

CVE-2026-34231 Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the `{% attrs %}` template tag of the slippers Django package. When a context variable containing untrusted data is passed to `{% attrs %}`, the value is interpolated into an HTML...

CVSS 6.1 · AI score 5.9 · EPSS 0.00045
Exploits: 1 · References: 5
Tenable Nessus
added 2026/01/07 12:00 a.m. · 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000162)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000162 advisory. The `{% debug %}` template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

CVSS 6.1 · AI score 7 · EPSS 0.00554
Exploits: 1 · References: 4
Snyk
added 2024/01/11 6:46 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: github.com/gofiber/template/v2/django/v2 is a template engine created by flosch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Views interface due to improper input validation. An attacker can execute malicious scripts in users' browsers when visitin...

CVSS 9.3 · AI score 5.3 · EPSS 0.01372
Exploits: 0 · References: 2
Cvelist
added 2024/01/11 5:39 p.m. · 15 views

CVE-2024-22199 Django Template Engine Vulnerable to XSS

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

CVSS 9.3 · AI score 9.2 · EPSS 0.01372
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/11 12:00 a.m. · 3 views

PT-2024-19268 · Unknown · Django Template Engine

Name of the Vulnerable Software and Affected Versions: Django template engine for Fiber, versions prior to the latest patched version. Description: This issue specifically impacts web applications that render user-supplied data through the Django template engine, potentially leading to the executio...

CVSS 9.3 · AI score 6.3 · EPSS 0.01372
Exploits: 0 · References: 9
Tenable Nessus
added 2023/11/06 12:00 a.m. · 28 views

Rocky Linux 8 : Satellite 6.12 Release (Important) (RLSA-2022:8506)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8506 advisory. - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data, which affects the allocation size use...

CVSS 9.8 · AI score 7.3 · EPSS 0.92834
Exploits: 6 · References: 287
PyPA
added 2023/02/21 9:15 p.m. · 6 views

PYSEC-2023-37

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the...

CVSS 9.8 · AI score 8 · EPSS 0.03041
Exploits: 0 · References: 3 · Affected Software: 1
SUSE CVE
added 2023/02/15 3:36 a.m. · 3 views

SUSE CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00363
Exploits: 0 · References: 6
OSSF Malicious Packages
added 2023/01/30 10:11 a.m. · 5 views

Malicious code in django-template-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8a4058c9a8f986347dd22fe461b25c3ae525959ed7a05da257b79c7aa4d9aad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSV
added 2023/01/30 10:11 a.m. · 9 views

MAL-2023-264 Malicious code in django-template-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8a4058c9a8f986347dd22fe461b25c3ae525959ed7a05da257b79c7aa4d9aad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits: 0 · References: 1
Snyk
added 2023/01/29 3:29 p.m. · 3 views

Malicious Package

Overview: django-template-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 3
OSV
added 2022/02/07 12:41 p.m. · 2 views

USN-5269-2 python-django vulnerabilities

USN-5269-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to...

CVSS 7.5 · AI score 6.8 · EPSS 0.01172
Exploits: 1 · References: 3
OSV
added 2022/02/01 8:00 a.m. · 3 views

UBUNTU-CVE-2022-22818

The `{% debug %}` template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

CVSS 6.1 · AI score 6.8 · EPSS 0.00554
Exploits: 1 · References: 5
Positive Technologies
added 2022/02/01 12:00 a.m. · 10 views

PT-2022-1456 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.27; Django versions 3.2 before 3.2.12; Django versions 4.0 before 4.0.2. Description: The `{% debug %}` template tag in Django does not properly encode the current context, which may lead to XSS. This issue is related ...

CVSS 9.8 · AI score 6.1 · EPSS 0.92834
Exploits: 30 · References: 911
PyPA
added 2022/01/05 12:15 a.m. · 6 views

PYSEC-2022-2

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a...

CVSS 7.5 · AI score 6.8 · EPSS 0.00363
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/01/04 10:00 a.m. · 1 view

UBUNTU-CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a...

CVSS 7.5 · AI score 7.1 · EPSS 0.00363
Exploits: 0 · References: 3
OSV
added 2018/03/06 3:17 p.m. · 2 views

USN-3591-1 python-django vulnerabilities

James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service...

CVSS 5.3 · AI score 6.4 · EPSS 0.03173
Exploits: 0 · References: 3