arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.4.13) +38 more potentially affected by CVE-2026-5766 via django (>=6.0.0 <=6.0.4)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 - django-tasks-aws =0.2.0b1 and more Source cves: CVE-2026-5766 Source advisory: OSV:GHSA-W26R-RMM8-9C29...

PT-2026-6030

Name of the Vulnerable Software and Affected Versions Django versions prior to 6.0.2 Django versions prior to 5.2.11 Django versions prior to 4.2.28 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description A SQL injection flaw exists in...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra methods when a specially crafted dictionary is passed using dictionary expansion as kwargs, leading to unsafe column aliases on MySQL and...

Improper Output Neutralization for Logs

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the request.path function used by HTTP responses, which allows control characters to ...

SUSE CVE-2020-15105

Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session base64-encoded. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...