7902 matches found
OPENSUSE-SU-2026:11235-1 python313-Django4-4.2.30-4.1 on GA media
These are all security issues fixed in the python313-Django4-4.2.30-4.1 package on the GA media of openSUSE Tumbleweed...
ROOT-APP-PYPI-CVE-2025-57833 CVE-2025-57833 in rootio-django - Patched by Root
Root has patched CVE-2025-57833 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-45231 CVE-2024-45231 in rootio-django - Patched by Root
Root has patched CVE-2024-45231 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-48432 CVE-2025-48432 in rootio-django - Patched by Root
Root has patched CVE-2025-48432 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-64458 CVE-2025-64458 in rootio-django - Patched by Root
Root has patched CVE-2025-64458 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-64459 CVE-2025-64459 in rootio-django - Patched by Root
Root has patched CVE-2025-64459 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2022-36359 CVE-2022-36359 in rootio-django - Patched by Root
Root has patched CVE-2022-36359 in the rootio-django package for Root:PyPI. Multiple fixed versions available...
Use of Cache Containing Sensitive Information
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware and cachepage process when responses that vary on...
Buffer Access with Incorrect Length Value
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...
Improper Neutralization
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Neutralization via the DomainNameValidator process. An attacker can inject arbitrary HTTP headers by submitting input...
CVE-2026-53877
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
CVE-2026-53878
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
CVE-2026-48588
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...
CVE-2026-53878 Header injection possibility since DomainNameValidator accepted newlines in input
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
EUVD-2026-42045
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
CVE-2026-53878
CVE-2026-53878 affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The issue lies in DomainNameValidator not prohibiting newlines in domain names, which can enable header injection if an application places such values in an HTTP response. Django itself remains unaffected because HttpResponse b...
CVE-2026-53878 Header injection possibility since DomainNameValidator accepted newlines in input
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
CVE-2026-53878
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
CVE-2026-53877 Heap buffer over-read in GDALRaster
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...
EUVD-2026-42044
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause service degradation via a potential segmentation fault when the vsibuffer...