
49 matches found

OSV
added yesterday, 2 views

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary: The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1 CVSS, 5.9 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/07 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000175 advisory. In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of...

7.5 CVSS, 7.4 AI score, 0.08919 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-2180

Malware in sbrugna...

6.1 CVSS, 6.1 AI score, 0.09391 EPSS
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-0030

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.00127 EPSS
Exploits: 1, References: 8
OSSF Malicious Packages
added 2024/06/25 1:46 p.m., 4 views

Malicious code in activemodel-url-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0, References: 1
RedHat Linux
added 2024/01/16 2:33 p.m., 1 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5 CVSS, 7 AI score, 0.08919 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2023/10/19 1:15 p.m., 6 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5 CVSS, 7 AI score, 0.08919 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2023/08/21 9:53 p.m., 2 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5 CVSS, 7 AI score, 0.08919 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2023/08/21 5:7 p.m., 15 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

7.5 CVSS, 7 AI score, 0.08919 EPSS
Exploits: 0, References: 5
OSV
added 2023/07/21 11:5 a.m., 1 views

OESA-2023-1440 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a...

7.5 CVSS, 6.9 AI score, 0.08919 EPSS
Exploits: 0, References: 2
PyPA
added 2023/07/03 1:15 p.m., 5 views

PYSEC-2023-100

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5 CVSS, 6.8 AI score, 0.08919 EPSS
Exploits: 0, References: 4, Affected Software: 1
CNNVD
added 2023/07/03 12:0 a.m., 1 views

Django Security Vulnerability

Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. A security vulnerability exists in Django versions prior to 3.2.20, 4.1.10, and 4.2.3, which...

7.5 CVSS, 7.3 AI score, 0.08919 EPSS
Exploits: 0, References: 14
Positive Technologies
added 2023/06/20 12:0 a.m., 4 views

PT-2023-4169

Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.19; Django versions 4 through 4.1.9; Django versions 4.2 through 4.2.2. Description: The issue is related to the EmailValidator and URLValidator components in the Django web application platform. It involves the u...

9.8 CVSS, 7.8 AI score, 0.92834 EPSS
Exploits: 30, References: 140
SUSE CVE
added 2023/02/15 5:16 a.m., 1 views

SUSE CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

4.3 CVSS, 7.7 AI score, 0.01493 EPSS
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 5:16 a.m., 1 views

SUSE CVE-2015-5145

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors...

7.8 CVSS, 7.5 AI score, 0.00787 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 4:35 a.m., 1 views

SUSE CVE-2017-18361

In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...

7.5 CVSS, 6.8 AI score, 0.00127 EPSS
Exploits: 1, References: 3
OSV
added 2022/05/17 12:48 a.m., 0 views

GHSA-CQF7-FF9H-7967 Django ReDoS in validators.URLValidator

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors...

8.7 CVSS, 6.8 AI score, 0.00787 EPSS
Exploits: 0, References: 9
OSV
added 2022/05/14 3:15 a.m., 0 views

GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator

If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL...

5.9 CVSS, 6.2 AI score, 0.01107 EPSS
Exploits: 0, References: 5
OSV
added 2022/04/11 12:29 p.m., 1 views

USN-5373-2 python-django vulnerabilities

USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra...

9.8 CVSS, 6.8 AI score, 0.01971 EPSS
Exploits: 3, References: 3
OSV
added 2022/04/11 11:36 a.m., 0 views

USN-5373-1 python-django vulnerabilities

It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that Django incorrectly handled certain...

9.8 CVSS, 6.8 AI score, 0.01971 EPSS
Exploits: 3, References: 4