7823 matches found

Nuclei
added yesterday, 18 views

Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contain a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL; exploitation requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

5.4 CVSS, 7.4 AI score, 0.03204 EPSS
Exploits 1, References 3

OSV
added 2 days ago, 3 views

MAL-2026-6230 Malicious code in django-auth-middleware-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec On import, djangoauthmiddlewareplus/init.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environme...

5.9 AI score
Exploits 0, References 2

Nuclei
added 2 days ago, 59 views

Django - Open Redirect

Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPENDSLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a...

6.1 CVSS, 6.5 AI score, 0.2549 EPSS
Exploits 0, References 6

Nuclei
added 2 days ago, 74 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that the right circumstances (DEBUG=True) are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1 CVSS, 6.5 AI score, 0.23566 EPSS
Exploits 0, References 5

Nuclei
added 2 days ago, 50 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of a query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5 CVSS, 6.8 AI score, 0.04055 EPSS
Exploits 3, References 3

OSV
added 5 days ago, 20 views

ROOT-APP-PYPI-CVE-2025-57833 CVE-2025-57833 in rootio-django - Patched by Root

Root has patched CVE-2025-57833 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

8.1 CVSS, 7.3 AI score, 0.15602 EPSS
Exploits 4

OSV
added 5 days ago, 17 views

ROOT-APP-PYPI-CVE-2025-64458 CVE-2025-64458 in rootio-django - Patched by Root

Root has patched CVE-2025-64458 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

7.5 CVSS, 7.3 AI score, 0.01862 EPSS
Exploits 1

OSV
added 5 days ago, 16 views

ROOT-APP-PYPI-CVE-2025-64459 CVE-2025-64459 in rootio-django - Patched by Root

Root has patched CVE-2025-64459 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

9.1 CVSS, 7.3 AI score, 0.18752 EPSS
Exploits 10

Fedora
added 6 days ago, 11 views

[SECURITY] Fedora 43 Update: python-django5-5.2.15-1.fc43

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

5.3 CVSS, 5.4 AI score, 0.00296 EPSS
Exploits 0

Fedora
added 6 days ago, 11 views

[SECURITY] Fedora 44 Update: python-django5-5.2.15-1.fc44

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

5.3 CVSS, 5.4 AI score, 0.00296 EPSS
Exploits 0

Tenable Nessus
added 2026/06/14 12:0 a.m., 4 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...

5.3 CVSS, 5.4 AI score, 0.00296 EPSS
Exploits 0, References 15

Tenable Nessus
added 2026/06/14 12:0 a.m., 3 views

Fedora 43 : python-django5 (2026-f140cb16b6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...

5.3 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, References 6

Tenable Nessus
added 2026/06/14 12:0 a.m., 5 views

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...

5.3 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, References 16

OPENSUSE Linux
added 2026/06/13 12:0 a.m., 3 views

python313-Django6-6.0.6-1.1 on GA media (moderate)

python313-Django6-6.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:11003-1 Rating: moderate Cross-References: CVE-2026-35193 CVE-2026-48587 CVE-2026-6873 CVE-2026-7666 CVE-2026-8404 CVSS scores: CVE-2026-35193 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-35193 SUSE : 8....

9.1 CVSS, 5.4 AI score, 0.00296 EPSS
Exploits 0

OSV
added 2026/06/12 12:26 p.m., 8 views

OESA-2026-2661 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, References 6

OSV
added 2026/06/12 12:26 p.m., 10 views

OESA-2026-2660 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, References 6

OSV
added 2026/06/12 12:26 p.m., 6 views

OESA-2026-2659 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 0, References 6

OPENSUSE Linux
added 2026/06/12 12:0 a.m., 5 views

Security update for python-Django (important)

openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20937-1 Rating: important References: bsc1267576 bsc1267577 bsc1267578 bsc1267579 bsc1267580 Cross-References: CVE-2026-35193 CVE-2026-48587...

9.1 CVSS, 5.4 AI score, 0.00296 EPSS
Exploits 0, References 5

OSV
added 2026/06/11 12:0 a.m., 1 views

OPENSUSE-SU-2026:11003-1 python313-Django6-6.0.6-1.1 on GA media

These are all security issues fixed in the python313-Django6-6.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

5.3 CVSS, 5.2 AI score, 0.00296 EPSS
Exploits 0, References 5

OSV
added 2026/06/11 12:0 a.m., 2 views

OPENSUSE-SU-2026:11002-1 python311-Django-5.2.15-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.15-1.1 package on the GA media of openSUSE Tumbleweed...

5.3 CVSS, 5.3 AI score, 0.00296 EPSS
Exploits 0, References 5