73 matches found

Debian CVE
added 3 days ago | 5 views

CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

CVSS 5.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0

Tenable Nessus
added 2026/04/09 12:00 a.m. | 2 views

Python Library Django 4.2.x < 4.2.30 / 5.2.x < 5.2.13 / 6.0.x < 6.0.4 Multiple Vulnerabilities

The detected version of the Django Python package is 4.2.x prior to 4.2.30, 5.2.x prior to 5.2.13, or 6.0.x prior to 6.0.4. It is, therefore, affected by multiple vulnerabilities, including: - ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header...

CVSS 9.8 | AI score 5.9 | EPSS 0.00049
Exploits: 1 | References: 6

vulnersOsv
added 2026/04/07 3:30 p.m. | 1 view

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +27 more potentially affected by CVE-2026-4292 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-4292 Source advisory: OSV:GHSA-MMWR-2JHP-MC7J...

CVSS 2.7 | AI score 5.8 | EPSS 0.00014
Exploits: 0

vulnersOsv
added 2026/04/07 3:30 p.m. | 1 view

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +27 more potentially affected by CVE-2026-33033 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-33033 Source advisory: OSV:GHSA-5MF9-H53Q-7MHQ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00049
Exploits: 1

CVE
added 2026/04/07 2:22 p.m. | 5 views

CVE-2026-3902

The CVE-2026-3902 entry describes a header-spoofing issue in Django with ASGIRequest, caused by ambiguous mapping of header names that can be hyphenated or underscored. Affected are Django releases: 6.0 up to 6.0.4, 5.2 up to 5.2.13, and 4.2 up to 4.2.30. The vulnerability allows a remote attacke...

CVSS 7.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

OPENSUSE Linux
added 2026/03/05 12:00 a.m. | 1 view

python313-Django6-6.0.3-1.1 on GA media (moderate)

python313-Django6-6.0.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10283-1 Rating: moderate Cross-References: CVE-2026-25674 CVSS scores: CVE-2026-25674 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-25674 SUSE : 6.3...

CVSS 6.3 | AI score 6 | EPSS 0.0001
Exploits: 0

OSV
added 2026/03/05 12:00 a.m. | 2 views

OPENSUSE-SU-2026:10292-1 python311-Django-5.2.12-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.12-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 3.7 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 1

OPENSUSE Linux
added 2026/02/07 12:00 a.m. | 4 views

python311-Django-5.2.11-1.1 on GA media (moderate)

python311-Django-5.2.11-1.1 on GA media Announcement ID: openSUSE-SU-2026:10160-1 Rating: moderate Cross-References: CVE-2025-13473 CVE-2025-14550 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312 CVSS scores: CVE-2025-13473 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVSS 8.1 | AI score 5.3 | EPSS 0.06568
Exploits: 2

vulnersOsv
added 2026/02/03 3:49 p.m. | 1 view

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +21 more potentially affected by CVE-2026-1285 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-1285 Source advisory: SNYK:PYTHON-DJANGO-15199281...

CVSS 7.5 | AI score 7 | EPSS 0.00079
Exploits: 0

vulnersOsv
added 2026/02/03 3:49 p.m. | 5 views

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2025-13473 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...

CVSS 5.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0

vulnersOsv
added 2026/02/03 3:30 p.m. | 0 views

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-1287 via django (>=4.2.0 <=4.2.27)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-1287 Source advisory: OSV:GHSA-GVG8-93H5-G6QQ...

CVSS 5.4 | AI score 7.2 | EPSS 0.00013
Exploits: 0

vulnersOsv
added 2026/02/03 3:16 p.m. | 3 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +21 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-13473 Source advisory: OSV:PYSEC-2026-42...

CVSS 5.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0

vulnersOsv
added 2025/12/02 6:30 p.m. | 0 views

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-13372 via django (>=5.1.0 <=5.1.14)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...

CVSS 4.3 | AI score 7.3 | EPSS 0.00006
Exploits: 0

OSV
added 2025/11/14 12:39 p.m. | 4 views

OESA-2025-2678 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

CVSS 9.1 | AI score 7.8 | EPSS 0.00296
Exploits: 11 | References: 3

OpenVAS
added 2025/10/23 12:00 a.m. | 1 view

Mageia: Security Advisory (MGASA-2025-0243)

The remote host is missing an update for the...

CVSS 9.8 | AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2013-0007

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.00809
Exploits: 2 | References: 14

OSV
added 2025/10/03 12:00 a.m. | 1 view

OPENSUSE-SU-2025:15598-1 python311-Django-5.2.7-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.7-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2

Fedora
added 2025/06/19 1:21 a.m. | 17 views

[SECURITY] Fedora 41 Update: python-django5-5.1.10-1.fc41

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5 | AI score 5.7 | EPSS 0.00411
Exploits: 1

OSV
added 2025/06/13 2:19 p.m. | 1 view

OESA-2025-1617 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 Content Management System. CWE is classifying the issue as CWE-117. The product does n...

CVSS 5.3 | AI score 6.5 | EPSS 0.00411
Exploits: 0 | References: 2

Tenable Nessus
added 2025/06/06 12:00 a.m. | 8 views

Python Library Django 4.2.x < 4.2.22 / 5.1.x < 5.1.10 / 5.2.x < 5.2.2 Log Injection

The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.22, 5.1.x prior to 5.1.10 or 5.2.x prior to 5.2.2. It is, therefore, affected by a log injection vulnerability as disclosed in Django's June 4th, 2025 security advisory. Internal HTTP response logging does not escape...

CVSS 5.3 | AI score 7.5 | EPSS 0.00411
Exploits: 0 | References: 2