arches (=8.0.0a1), desktop-django-starter (=0.1.0) +31 more potentially affected by CVE-2026-33034 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =0.1.4 and more Source cves: CVE-2026-33034 Source advisory: SNYK:PYTHON-DJANGO-15923566...

Updated python-django packages fix security vulnerability

Potential incorrect permissions on newly created file system objects. CVE-2026-25674...

MGASA-2025-0320 Updated python-django packages fix security vulnerabilities

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...

Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

MGASA-2025-0193 Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

MGASA-2025-0095 Updated python-django packages fix security vulnerability

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. CVE-2025-26699...

MGASA-2023-0026 Updated python-django packages fix security vulnerability

Internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. CVE-2022-41323 Potential denial-of-service via Accept-Language headers CVE-2023-23969...

MGASA-2022-0190 Updated python-django packages fix security vulnerability

Potential SQL injection in QuerySet.annotate, aggregate, and extra CVE-2022-28346 Potential SQL injection via QuerySet.explainoptions on PostgreSQL QuerySet.explain CVE-2022-28347...

MGASA-2021-0552 Updated python-django packages fix security vulnerability

Potential bypass of an upstream access control based on URL paths. CVE-2021-44420 HTTP requests for URLs with trailing newlines could bypass an upstream access control based on URL paths...

MGASA-2018-0166 Updated python-django packages fix security vulnerabilities

The python-django package has been updated to fix 2 security issues. CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters. CVE-2018-7537: Denial-of-service possibility in truncatecharshtml and truncatewordshtml template filters...

MGASA-2014-0366 Updated python-django packages fix multiple vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: These releases address an issue with reverse generating external URLs CVE-2014-0480; a denial of service involving file uploads CVE-2014-0481; a potential session hijacking issue in the remote-user middleware...