Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016792 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True a...

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

Astra Linux - уязвимость в python-django

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True, as well as the truncatewordshtml template filter, are vulnerable to a denial-of-service attack via a crafted regular expression. NOTE: This issue persists due to an...

Astra Linux - уязвимость в python-django

A issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the truncatecharshtml and truncatewordshtml template filters, allow a remote attacker to cause a potential...

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatecharshtml and truncatewordshtml...

Fedora 42 : python-django4.2 (2026-ca3d81129a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca3d81129a advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...

Fedora 42 : python-django5 (2026-00b5bf3150)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-00b5bf3150 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...

OESA-2026-1343 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 CVE-2026-1287: Fixed potential SQL injection...

SUSE-SU-2026:0440-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 - CVE-2026-1287: Fixed potential SQL...

Denial Of Service

Django is vulnerable to Denial Of Service. The vulnerability is due to inefficient processing of unmatched HTML end tags in Truncator.chars and Truncator.words with html=True and related template filters, where crafted input containing a large number of unmatched closing tags can trigger excessiv...

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20184-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20184-1 advisory. Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408. - CVE-2026-1287:...

Security update for python-Django (important)

openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20184-1 Rating: important References: bsc1257401 bsc1257403 bsc1257405 bsc1257406 bsc1257407 bsc1257408 Cross-References: CVE-2025-13473...

OPENSUSE-SU-2026:20184-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408. - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters bsc1257407. -...

OESA-2026-1308 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

OESA-2026-1307 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...

Updated python-django packages fix security vulnerabilities

Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...

MGASA-2026-0032 Updated python-django packages fix security vulnerabilities

Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...