11 matches found
Fedora 42 : python-django4.2 (2026-ca3d81129a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca3d81129a advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in modwsgi authentication handler - Fixes CVE-2025-14550: Potential...
OESA-2026-1343 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
Security update for python-Django
This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 CVE-2026-1287: Fixed potential SQL injection...
SUSE-SU-2026:0440-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGIbsc1257403 - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408 - CVE-2026-1287: Fixed potential SQL...
OPENSUSE-SU-2026:20184-1 Security update for python-Django
This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.orderby and FilteredRelation bsc1257408. - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters bsc1257407. -...
OESA-2026-1307 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsg...
Updated python-django packages fix security vulnerabilities
Username enumeration through timing difference in modwsgi authentication handler. CVE-2025-13473 Potential denial-of-service vulnerability via repeated headers when using ASGI. CVE-2025-14550 Potential SQL injection via raster lookups on PostGIS. CVE-2026-1207 Potential denial-of-service...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2026:0037-1 Rating: important References: 1257401 1257405 1257406 1257407 1257408 Cross-References: CVE-2025-13473 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312 CVSS scores: CVE-2025-13473 SUSE: 7.5...
CVE-2026-1285
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
PYSEC-2023-226
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
PT-2018-1903 · Django +1 · Django +1
Name of the Vulnerable Software and Affected Versions: Django versions 2.0 before 2.0.3 Django versions 1.11 before 1.11.11 Django versions 1.8 before 1.8.19 Description: The issue is related to a catastrophic backtracking vulnerability in a regular expression used by the...