| purl | pkg:deb/debian/python-django@1.2.3-3%2Bsqueeze10 |
| Next non-vulnerable version | 3:3.2.25-0+deb12u3 |
| Latest non-vulnerable version | 3:5.2.15-2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13q1-fzeg-bfd9
Aliases: BIT-django-2026-1312 CVE-2026-1312 GHSA-6426-9fv3-65x8 PYSEC-2026-47 |
Affected by 17 other vulnerabilities. |
|
|
VCID-14vg-wbxe-6ffj
Aliases: CVE-2015-0220 GHSA-gv98-g628-m9x5 PYSEC-2015-5 |
security update |
Affected by 104 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-19se-3ng9-c7bw
Aliases: BIT-django-2023-24580 CVE-2023-24580 GHSA-2hrw-hx67-34x6 PYSEC-2023-13 |
Affected by 43 other vulnerabilities. |
|
|
VCID-1d73-dpsg-wkhk
Aliases: CVE-2016-2512 GHSA-pw27-w7w4-9qc7 PYSEC-2016-15 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
VCID-1zk7-jhxe-2kc4
Aliases: CVE-2015-2316 GHSA-j3j3-jrfh-cm2w PYSEC-2015-18 |
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. |
Affected by 84 other vulnerabilities. |
|
VCID-27gm-2u1q-skh1
Aliases: BIT-django-2020-13254 CVE-2020-13254 GHSA-wpjr-j57x-wxfw PYSEC-2020-31 |
security update |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
VCID-2dx7-qahc-d3ex
Aliases: CVE-2019-12781 GHSA-6c7v-2f49-8h26 PYSEC-2019-10 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-2hue-z18t-nkbf
Aliases: CVE-2019-14235 GHSA-v9qg-3j8p-r63v PYSEC-2019-14 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-2qu4-qayw-a7ec
Aliases: BIT-django-2020-24583 CVE-2020-24583 GHSA-m6gj-h9gm-gw44 PYSEC-2020-33 |
Affected by 43 other vulnerabilities. |
|
|
VCID-2sve-8b9b-hud7
Aliases: BIT-django-2022-23833 CVE-2022-23833 GHSA-6cw3-g6wv-c2xv PYSEC-2022-20 |
Affected by 43 other vulnerabilities. |
|
|
VCID-38w8-jbku-eugu
Aliases: BIT-django-2021-45452 CVE-2021-45452 GHSA-jrh2-hc4r-7jwx PYSEC-2022-3 |
Affected by 43 other vulnerabilities. |
|
|
VCID-3arc-t7n7-53ew
Aliases: CVE-2016-9013 GHSA-mv8g-fhh6-6267 PYSEC-2016-17 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-3cx2-befu-wua4
Aliases: CVE-2019-6975 GHSA-wh4h-v3f2-r2pp PYSEC-2019-18 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-4b76-zn8f-sfd1
Aliases: CVE-2011-4137 GHSA-3jqw-crqj-w8qw PYSEC-2011-2 |
Denial of service in django |
Affected by 104 other vulnerabilities. |
|
VCID-4v6q-ktnr-gue3
Aliases: CVE-2015-5963 GHSA-pgxh-wfw4-jx2v PYSEC-2015-22 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. |
|
VCID-4xtu-yeh2-pbc8
Aliases: BIT-django-2026-1285 CVE-2026-1285 GHSA-4rrr-2h4v-f3j9 PYSEC-2026-45 |
Affected by 17 other vulnerabilities. |
|
|
VCID-55n8-mzj7-z7hh
Aliases: CVE-2015-5143 GHSA-h582-2pch-3xv3 PYSEC-2015-20 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. |
|
VCID-577n-ucjg-9udw
Aliases: CVE-2018-7537 GHSA-2f9x-5v75-3qv4 PYSEC-2018-6 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-5bnx-5d1x-k3by
Aliases: CVE-2015-0222 GHSA-6g95-x6cj-mg4v PYSEC-2015-7 |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. |
Affected by 84 other vulnerabilities. |
|
VCID-5zzj-9ez5-6ub1
Aliases: BIT-django-2021-32052 CVE-2021-32052 GHSA-qm57-vhq3-3fwf PYSEC-2021-8 |
Affected by 43 other vulnerabilities. |
|
|
VCID-6tdg-t4nv-sbha
Aliases: BIT-django-2023-36053 CVE-2023-36053 GHSA-jh3w-4vvf-mjgr PYSEC-2023-100 |
Affected by 43 other vulnerabilities. |
|
|
VCID-6uja-brvn-rufw
Aliases: BIT-django-2021-45115 CVE-2021-45115 GHSA-53qw-q765-4fww PYSEC-2022-1 |
Affected by 43 other vulnerabilities. |
|
|
VCID-72z9-v49q-vbcc
Aliases: BIT-django-2025-64460 CVE-2025-64460 GHSA-vrcr-9hj9-jcg6 PYSEC-2025-109 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-76b8-e9q1-w3ey
Aliases: CVE-2011-0696 GHSA-5j2h-h5hg-3wf8 PYSEC-2011-10 PYSEC-2011-30 |
Cross-site request forgery in Django |
Affected by 104 other vulnerabilities. |
|
VCID-78kz-svj1-ruet
Aliases: BIT-django-2024-41989 CVE-2024-41989 GHSA-jh75-99hh-qvx9 PYSEC-2024-67 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-7kbt-73z6-wfar
Aliases: CVE-2013-4315 GHSA-vjjp-9r83-22rc PYSEC-2013-20 |
directory traversal |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-7kj8-kfda-wfhj
Aliases: CVE-2017-7233 GHSA-37hp-765x-j95x PYSEC-2017-9 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-7spe-cayc-4qb4
Aliases: BIT-django-2023-31047 CVE-2023-31047 GHSA-r3xc-prgr-mg9p PYSEC-2023-61 |
Affected by 43 other vulnerabilities. |
|
|
VCID-7vck-9u91-1yca
Aliases: CVE-2013-1665 GHSA-x64m-686f-fmm3 |
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. |
Affected by 104 other vulnerabilities. |
|
VCID-7xx2-z2tg-7khd
Aliases: CVE-2019-19844 GHSA-vfq6-hq5r-27r6 PYSEC-2019-16 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-81b9-uqyv-kkhm
Aliases: BIT-django-2025-13372 CVE-2025-13372 GHSA-rqw2-ghq9-44m7 PYSEC-2025-104 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-8894-d73g-xbah
Aliases: BIT-django-2024-39329 CVE-2024-39329 GHSA-x7q2-wr7g-xqmf PYSEC-2024-57 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-9749-wxyn-4qb1
Aliases: CVE-2012-3443 GHSA-59w8-4wm2-4xw8 PYSEC-2012-3 |
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. |
Affected by 104 other vulnerabilities. |
|
VCID-9ge1-u71f-rbaw
Aliases: BIT-django-2023-41164 CVE-2023-41164 GHSA-7h4p-27mh-hmrw PYSEC-2023-225 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-9mmy-6rvf-1qbp
Aliases: CVE-2015-8213 GHSA-6wcr-wcqm-3mfh PYSEC-2015-11 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-9qxj-9mb9-7bcv
Aliases: BIT-django-2021-28658 CVE-2021-28658 GHSA-xgxc-v2qg-chmh PYSEC-2021-6 |
Affected by 43 other vulnerabilities. |
|
|
VCID-a36b-7nxc-5ffg
Aliases: CVE-2015-2241 GHSA-6565-fg86-6jcx PYSEC-2015-8 |
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property. |
Affected by 84 other vulnerabilities. |
|
VCID-a4fn-xf8s-tye5
Aliases: BIT-django-2024-53907 CVE-2024-53907 GHSA-8498-2h75-472j PYSEC-2024-156 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-b97e-fw2q-nqhk
Aliases: CVE-2014-0480 GHSA-f7cm-ccfp-3q4r PYSEC-2014-4 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-bbq5-1gpd-nqeh
Aliases: CVE-2011-0697 GHSA-8m3r-rv5g-fcpq PYSEC-2011-11 PYSEC-2011-31 |
Cross-site scripting in django |
Affected by 104 other vulnerabilities. |
|
VCID-beas-dwx6-1ffp
Aliases: BIT-django-2025-64459 CVE-2025-64459 GHSA-frmv-pr5f-9mcr PYSEC-2025-108 |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue. |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-bu3p-xsjx-mfb2
Aliases: BIT-django-2024-39330 CVE-2024-39330 GHSA-9jmf-237g-qf46 PYSEC-2024-58 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-cece-1mun-ckgh
Aliases: BIT-django-2022-22818 CVE-2022-22818 GHSA-95rw-fx8r-36v6 PYSEC-2022-19 |
Affected by 43 other vulnerabilities. |
|
|
VCID-cv4x-17kp-bufm
Aliases: DSA-2740-2 python-django |
regression |
Affected by 104 other vulnerabilities. |
|
VCID-d2cw-526n-mbem
Aliases: BIT-django-2024-27351 CVE-2024-27351 GHSA-vm8q-m57g-pff3 PYSEC-2024-47 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-dahb-k16x-vuf8
Aliases: CVE-2019-14234 GHSA-6r97-cj55-9hrq PYSEC-2019-13 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-db6w-yj8t-sfg4
Aliases: BIT-django-2025-57833 CVE-2025-57833 GHSA-6w2r-r2m5-xq5w PYSEC-2025-105 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-djh3-m1t4-2qe1
Aliases: BIT-django-2020-13596 CVE-2020-13596 GHSA-2m34-jcjv-45xf PYSEC-2020-32 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-dqpz-q718-pkas
Aliases: BIT-django-2026-1287 CVE-2026-1287 GHSA-gvg8-93h5-g6qq PYSEC-2026-46 |
Affected by 17 other vulnerabilities. |
|
|
VCID-dr33-d1ck-wycg
Aliases: CVE-2014-1418 GHSA-q7q2-qf2q-rw3w PYSEC-2014-19 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-dttw-t3a9-gbbn
Aliases: BIT-django-2021-31542 CVE-2021-31542 GHSA-rxjp-mfm9-w4wr PYSEC-2021-7 |
Affected by 43 other vulnerabilities. |
|
|
VCID-e2vb-tg4t-4ye3
Aliases: CVE-2011-4140 GHSA-h95j-h2rv-qrg4 PYSEC-2011-5 |
Django Cross-Site Request Forgery vulnerability |
Affected by 104 other vulnerabilities. |
|
VCID-e331-cbgc-hubm
Aliases: BIT-django-2025-13473 CVE-2025-13473 GHSA-2mcm-79hx-8fxw PYSEC-2026-42 |
Affected by 17 other vulnerabilities. |
|
|
VCID-e36z-3vcv-8qaw
Aliases: CVE-2012-3444 GHSA-5h2q-4hrp-v9rr PYSEC-2012-4 |
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. |
Affected by 104 other vulnerabilities. |
|
VCID-eay8-gdua-p3b5
Aliases: CVE-2016-7401 GHSA-crhm-qpjc-cm64 PYSEC-2016-3 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-fmpr-bhrf-17gm
Aliases: BIT-django-2022-34265 CVE-2022-34265 GHSA-p64x-8rxx-wf6q PYSEC-2022-213 |
Affected by 43 other vulnerabilities. |
|
|
VCID-fsgd-8jz7-zkdn
Aliases: CVE-2014-0473 GHSA-89hj-xfx5-7q66 PYSEC-2014-2 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-fwwm-7y13-y3dx
Aliases: BIT-django-2025-59681 CVE-2025-59681 GHSA-hpr9-3m2g-3j9p PYSEC-2025-106 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-g248-57nr-6bb5
Aliases: CVE-2018-6188 GHSA-rf4j-j272-fj86 PYSEC-2018-4 |
information disclosure |
Affected by 60 other vulnerabilities. |
|
VCID-gfad-ffzw-g3hv
Aliases: CVE-2016-6186 GHSA-c8c8-9472-w52h PYSEC-2016-2 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-gtkn-prux-vbdb
Aliases: BIT-django-2022-28346 CVE-2022-28346 GHSA-2gwj-7jmv-h26r PYSEC-2022-190 |
Affected by 43 other vulnerabilities. |
|
|
VCID-gze2-htrx-vqdb
Aliases: CVE-2013-4249 GHSA-4894-5vqc-6r2r PYSEC-2013-19 |
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. |
Affected by 91 other vulnerabilities. |
|
VCID-h328-c9gp-9ybg
Aliases: CVE-2014-0483 GHSA-rw75-m7gp-92m3 PYSEC-2014-7 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-j3bz-6jqe-ffgm
Aliases: BIT-django-2021-44420 CVE-2021-44420 GHSA-v6rh-hp5x-86rv PYSEC-2021-439 |
Affected by 43 other vulnerabilities. |
|
|
VCID-j4ne-tepw-mfhj
Aliases: CVE-2018-14574 GHSA-5hg3-6c2f-f3wr PYSEC-2018-2 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-j4rs-235r-dkfj
Aliases: BIT-django-2023-43665 CVE-2023-43665 GHSA-h8gc-pgj2-vjm3 PYSEC-2023-226 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-jg94-y9zx-dfaw
Aliases: CVE-2019-14232 GHSA-c4qh-4vgv-qc6g PYSEC-2019-11 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-jspj-r34n-jubz
Aliases: BIT-django-2023-23969 CVE-2023-23969 GHSA-q2jf-h9jm-m7p4 PYSEC-2023-12 |
Affected by 43 other vulnerabilities. |
|
|
VCID-kgw9-ng5a-jucv
Aliases: CVE-2016-9014 GHSA-3f2c-jm6v-cr35 PYSEC-2016-18 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-ksz3-46mb-9bbt
Aliases: CVE-2019-3498 GHSA-337x-4q8g-prc5 PYSEC-2019-17 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-mb3h-bnss-5bcj
Aliases: CVE-2015-0219 GHSA-7qfw-j7hp-v45g PYSEC-2015-4 |
security update |
Affected by 104 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-mja4-jz67-kbh6
Aliases: BIT-django-2024-56374 CVE-2024-56374 GHSA-qcgg-j2x8-h9g8 PYSEC-2025-1 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-ndqd-kuk7-w3ap
Aliases: CVE-2010-4534 GHSA-fwr5-q9rx-294f PYSEC-2011-28 PYSEC-2011-8 |
Improper query string handling in Django |
Affected by 104 other vulnerabilities. |
|
VCID-neyk-7kmz-wqc9
Aliases: CVE-2010-4535 GHSA-7wph-fc4w-wqp2 PYSEC-2011-29 PYSEC-2011-9 |
Improper date handling in Django |
Affected by 104 other vulnerabilities. |
|
VCID-nhzy-7qdm-wbg8
Aliases: BIT-django-2022-41323 CVE-2022-41323 GHSA-qrw5-5h28-6cmg PYSEC-2022-304 |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. |
Affected by 43 other vulnerabilities. |
|
VCID-nwtr-br34-qkbv
Aliases: BIT-django-2020-24584 CVE-2020-24584 GHSA-fr28-569j-53c4 PYSEC-2020-34 |
Affected by 43 other vulnerabilities. |
|
|
VCID-nx56-nstj-m7bs
Aliases: CVE-2012-4520 GHSA-2655-q453-22f9 PYSEC-2012-7 |
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. |
Affected by 104 other vulnerabilities. |
|
VCID-p1ft-8wjr-k7fh
Aliases: CVE-2013-6044 GHSA-9cwg-mhxf-hh59 PYSEC-2013-21 |
cross-site scripting vulnerability |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-pa7r-7c7r-wfbp
Aliases: CVE-2012-3442 GHSA-78vx-ggch-wghm PYSEC-2012-2 |
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. |
Affected by 104 other vulnerabilities. |
|
VCID-pmhc-yu6r-uudy
Aliases: CVE-2025-59682 GHSA-q95w-c7qg-hrff |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-pn2d-2euz-pudt
Aliases: BIT-django-2026-1207 CVE-2026-1207 GHSA-mwm9-4648-f68q PYSEC-2026-44 |
Affected by 17 other vulnerabilities. |
|
|
VCID-pp8x-52ke-qbhj
Aliases: CVE-2017-12794 GHSA-9r8w-6x8c-6jr9 PYSEC-2017-44 |
Django vulnerable to XSS on 500 pages |
Affected by 60 other vulnerabilities. |
|
VCID-q7cr-3q35-zqeb
Aliases: CVE-2016-2048 GHSA-46x4-9jmv-jc8p PYSEC-2016-14 |
Affected by 70 other vulnerabilities. |
|
|
VCID-q9zk-pp6y-m7hu
Aliases: CVE-2017-7234 GHSA-h4hv-m4h4-mhwg PYSEC-2017-10 |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
|
VCID-qjwt-hqsa-7bh2
Aliases: BIT-django-2024-42005 CVE-2024-42005 GHSA-pv4p-cwwg-4rph PYSEC-2024-70 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-qwdg-jeya-fuer
Aliases: CVE-2013-0305 GHSA-r7w6-p47g-vj53 PYSEC-2013-16 |
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. |
Affected by 104 other vulnerabilities. |
|
VCID-rcfr-czct-xucv
Aliases: CVE-2019-19118 GHSA-hvmf-r92r-27hr PYSEC-2019-15 |
Multiple vulnerabilities have been found in Django, the worst of which could result in privilege escalation. |
Affected by 43 other vulnerabilities. |
|
VCID-s37h-qzm1-zubw
Aliases: CVE-2011-4136 GHSA-x88j-93vc-wpmp PYSEC-2011-1 |
Session manipulation in Django |
Affected by 104 other vulnerabilities. |
|
VCID-s9u4-39qe-pkh2
Aliases: BIT-django-2025-32873 CVE-2025-32873 GHSA-8j24-cjrq-gr2m PYSEC-2025-37 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-ss1p-jz2s-wyh7
Aliases: CVE-2014-0474 GHSA-wqjj-hx84-v449 PYSEC-2014-3 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-szp5-kxju-ffa4
Aliases: BIT-django-2024-39614 CVE-2024-39614 GHSA-f6f8-9mx6-9mx2 PYSEC-2024-59 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-ted5-qgyr-7ucf
Aliases: CVE-2014-0482 GHSA-625g-gx8c-xcmg PYSEC-2014-6 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-tr9m-84nc-x3cw
Aliases: CVE-2014-0472 GHSA-rvq6-mrpv-m6rm PYSEC-2014-1 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-tudc-7sgh-nkda
Aliases: CVE-2024-45231 GHSA-rrqc-c2jx-6jgv |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-u3v4-y55z-xkbq
Aliases: CVE-2016-2513 GHSA-fp6p-5xvw-m74f PYSEC-2016-16 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. |
|
VCID-u7zv-f4c1-xya2
Aliases: CVE-2015-0221 GHSA-jhjg-w2cp-5j44 PYSEC-2015-6 |
security update |
Affected by 104 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-u9dr-ca2g-e3hk
Aliases: BIT-django-2021-33203 CVE-2021-33203 GHSA-68w8-qjq3-2gfm PYSEC-2021-98 |
Affected by 43 other vulnerabilities. |
|
|
VCID-ud47-2t6q-pycj
Aliases: CVE-2018-7536 GHSA-r28v-mw67-m5p9 PYSEC-2018-5 |
security update |
Affected by 80 other vulnerabilities. Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
VCID-ufv7-y5a7-fugg
Aliases: BIT-django-2024-24680 CVE-2024-24680 GHSA-xxj9-f6rv-m3x4 PYSEC-2024-28 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-v7kk-jbkz-77hf
Aliases: CVE-2014-3730 GHSA-vq3h-3q7v-9prw PYSEC-2014-20 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-v9gk-3pqk-a7cr
Aliases: BIT-django-2020-7471 CVE-2020-7471 GHSA-hmr4-m2h5-33qx PYSEC-2020-35 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-vc8c-7qn1-9uaz
Aliases: BIT-django-2021-3281 CVE-2021-3281 GHSA-fvgf-6h6h-3322 PYSEC-2021-9 |
Affected by 43 other vulnerabilities. |
|
|
VCID-vcqt-n2pk-kyeb
Aliases: BIT-django-2020-9402 CVE-2020-9402 GHSA-3gh2-xw74-jmcw PYSEC-2020-345 PYSEC-2020-36 |
Affected by 43 other vulnerabilities. |
|
|
VCID-w3dy-chny-5fbc
Aliases: BIT-django-2022-28347 CVE-2022-28347 GHSA-w24h-v9qh-8gxj PYSEC-2022-191 |
Affected by 43 other vulnerabilities. |
|
|
VCID-w9sx-n8tk-jbc5
Aliases: BIT-django-2024-41991 CVE-2024-41991 GHSA-r836-hh6v-rg5g PYSEC-2024-69 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-wpt2-535q-3yfe
Aliases: BIT-django-2022-36359 CVE-2022-36359 GHSA-8x94-hmjh-97hq PYSEC-2022-245 |
Affected by 43 other vulnerabilities. |
|
|
VCID-wrts-u1xj-fyec
Aliases: CVE-2011-4138 GHSA-wxg3-mfph-qg9w PYSEC-2011-3 |
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header. |
Affected by 104 other vulnerabilities. |
|
VCID-wvh5-z294-ffev
Aliases: CVE-2014-0481 GHSA-296w-6qhq-gf92 PYSEC-2014-5 |
security update |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-wwzx-eujh-sye1
Aliases: BIT-django-2025-26699 CVE-2025-26699 GHSA-p3fp-8748-vqfq PYSEC-2025-13 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-x1qk-bs7j-63ch
Aliases: CVE-2021-23336 |
Affected by 43 other vulnerabilities. |
|
|
VCID-x91x-cxp9-4fgp
Aliases: BIT-django-2021-33571 CVE-2021-33571 GHSA-p99v-5w3c-jqq9 PYSEC-2021-99 |
Affected by 43 other vulnerabilities. |
|
|
VCID-xczb-x1dc-1fhc
Aliases: CVE-2015-2317 GHSA-7fq8-4pv5-5w5c PYSEC-2015-9 |
security update |
Affected by 104 other vulnerabilities. Affected by 84 other vulnerabilities. |
|
VCID-xg1w-8bd8-fbhu
Aliases: CVE-2015-5964 GHSA-x38m-486c-2wr9 PYSEC-2015-23 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. |
|
VCID-xjhj-6qe7-hbe6
Aliases: CVE-2011-4139 GHSA-rm2j-x595-q9cj PYSEC-2011-4 |
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request. |
Affected by 104 other vulnerabilities. |
|
VCID-xmun-auq2-mqhw
Aliases: CVE-2019-14233 GHSA-h5jv-4p7w-64jg PYSEC-2019-12 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 43 other vulnerabilities. |
|
|
VCID-xqv3-emqb-g3eu
Aliases: CVE-2015-5144 GHSA-q5qw-4364-5hhm PYSEC-2015-10 |
security update |
Affected by 104 other vulnerabilities. Affected by 80 other vulnerabilities. |
|
VCID-y7dr-jvg4-xua8
Aliases: CVE-2019-12308 GHSA-7rp2-fm2h-wchj PYSEC-2019-79 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. |
|
|
VCID-ycc8-7k6j-4kbf
Aliases: BIT-django-2025-48432 CVE-2025-48432 GHSA-7xr5-9hcq-chf9 PYSEC-2025-47 |
Affected by 70 other vulnerabilities. Affected by 60 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
|
VCID-yefp-r2s6-e7fe
Aliases: CVE-2013-1443 GHSA-4c42-4rxm-x6qf PYSEC-2013-18 |
denial of service |
Affected by 104 other vulnerabilities. Affected by 91 other vulnerabilities. |
|
VCID-ymm2-ns18-wkcw
Aliases: BIT-django-2021-45116 CVE-2021-45116 GHSA-8c5j-9r9f-c6w8 PYSEC-2022-2 |
Affected by 43 other vulnerabilities. |
|
|
VCID-ywr3-fe5b-ybek
Aliases: CVE-2013-0306 GHSA-g8xg-jgj6-49r3 PYSEC-2013-17 |
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. |
Affected by 104 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2pwm-sr23-rufp | Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module | CVE-2007-5828 |
| VCID-6xp2-48m8-byfr | Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | CVE-2009-3695 GHSA-p6m5-h7pp-v2x5 PYSEC-2009-4 |
| VCID-q4d1-m2fs-wfhs | Cross-site scripting in django | CVE-2010-3082 GHSA-fxpg-gg9g-76gj PYSEC-2010-12 |
| VCID-z2j2-py5e-f3e1 | The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. | CVE-2009-2659 GHSA-9xg7-gg9m-rmq9 PYSEC-2009-3 |