764 matches found
CVE-2026-53877
A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...
Buffer Access with Incorrect Length Value
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...
EUVD-2026-42045
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
Linux Distros Unpatched Vulnerability : CVE-2026-53877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed fr...
TencentOS Server 4: python-django (TSSA-2026:0341)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0341 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
SUSE CVE-2026-8404
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...
SUSE CVE-2026-35193
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
CVE-2026-48587
A flaw was found in Django. Remote attackers can exploit this vulnerability due to django.utils.cache.hasvaryheader not properly stripping whitespace from Vary response header values. This allows an attacker to read cached responses by sending requests to URLs with whitespace-padded Vary header...
CVE-2026-6873
A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.getsignedcookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-48587 via django (>=5.0.0 <=5.2.14)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-48587 Source advisory: SNYK:PYTHON-DJANGO-17151772...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-6873 via django (>=5.0.0 <=5.2.14)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-6873 Source advisory: SNYK:PYTHON-DJANGO-17151728...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the getsignedcookie function. An attacker can access data intended for a different context by crafting distinct name, salt pairs that result in the same concatenated value. Remediation...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-7666 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-7666 Source advisory: SNYK:PYTHON-DJANGO-17151727...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-8404 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...
arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-7666 via django (>=5.2.0 <=5.2.14)
django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-7666 Source advisory: OSV:PYSEC-2026-200...
arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-8404 via django (>=5.2.0 <=5.2.14)
django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-8404 Source advisory: OSV:PYSEC-2026-201...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-8404 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-8404 Source advisory: OSV:PYSEC-2026-201...
arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-6873 via django (>=6.0.0 <=6.0.5)
django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...
arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-6873 via django (>=5.2.0 <=5.2.14)
django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...