purl | pkg:pypi/django@2.0.0 |
Tags | Ghost |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-7dtn-w6bf-aaab Aliases: BIT-2020-13254 BIT-django-2020-13254 CVE-2020-13254 GHSA-wpjr-j57x-wxfw PYSEC-2020-31 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | Affected by 21 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 11 other vulnerabilities. |
VCID-jefu-dz7u-aaac Aliases: CVE-2019-6975 GHSA-wh4h-v3f2-r2pp PYSEC-2019-18 PYSEC-2019-88 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 21 other vulnerabilities. |
VCID-pm6s-x7r5-aaak Aliases: CVE-2019-19844 GHSA-vfq6-hq5r-27r6 PYSEC-2019-16 PYSEC-2019-86 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) | Affected by 25 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 18 other vulnerabilities. |
VCID-qjx3-vgza-aaak Aliases: CVE-2018-6188 GHSA-rf4j-j272-fj86 PYSEC-2018-4 | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | Affected by 17 other vulnerabilities. |
VCID-r4bp-3zs8-aaag Aliases: CVE-2019-3498 GHSA-337x-4q8g-prc5 PYSEC-2019-17 PYSEC-2019-87 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | Affected by 13 other vulnerabilities. Affected by 20 other vulnerabilities. |
VCID-x5yz-7qtf-aaar Aliases: BIT-2020-9402 BIT-django-2020-9402 CVE-2020-9402 GHSA-3gh2-xw74-jmcw PYSEC-2020-36 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | Affected by 23 other vulnerabilities. Affected by 16 other vulnerabilities. |
VCID-zh4q-8g5x-aaas Aliases: BIT-2020-7471 BIT-django-2020-7471 CVE-2020-7471 GHSA-hmr4-m2h5-33qx PYSEC-2020-35 | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. | Affected by 24 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 17 other vulnerabilities. |
VCID-zrah-xa2u-aaan Aliases: BIT-2020-13596 BIT-django-2020-13596 CVE-2020-13596 GHSA-2m34-jcjv-45xf PYSEC-2020-32 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. | Affected by 21 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 14 other vulnerabilities. Affected by 11 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-03-28T20:05:41.579689+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | None | 36.0.0 |
2025-03-28T20:05:19.799453+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | None | 36.0.0 |
2025-03-28T20:04:12.137213+00:00 | GHSA Importer | Affected by | VCID-zrah-xa2u-aaan | None | 36.0.0 |
2025-03-28T20:04:11.805888+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | None | 36.0.0 |
2025-03-28T20:03:53.649650+00:00 | GHSA Importer | Affected by | VCID-jefu-dz7u-aaac | None | 36.0.0 |
2025-03-28T20:03:49.488460+00:00 | GHSA Importer | Affected by | VCID-r4bp-3zs8-aaag | None | 36.0.0 |
2025-03-28T20:03:46.840157+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | None | 36.0.0 |
2025-03-28T20:02:58.972437+00:00 | GHSA Importer | Affected by | VCID-qjx3-vgza-aaak | None | 36.0.0 |
2024-09-17T22:26:49.562223+00:00 | GitLab Importer | Affected by | VCID-jefu-dz7u-aaac | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2019-6975.yml | 34.0.1 |
2024-09-17T22:14:02.800797+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | https://github.com/advisories/GHSA-hmr4-m2h5-33qx | 34.0.1 |
2024-09-17T22:13:48.577997+00:00 | GHSA Importer | Affected by | VCID-qjx3-vgza-aaak | https://github.com/advisories/GHSA-rf4j-j272-fj86 | 34.0.1 |
2024-09-17T22:13:47.178204+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | https://github.com/advisories/GHSA-vfq6-hq5r-27r6 | 34.0.1 |
2024-09-17T22:13:47.085806+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | https://github.com/advisories/GHSA-wpjr-j57x-wxfw | 34.0.1 |
2024-09-17T22:13:45.654504+00:00 | GHSA Importer | Affected by | VCID-jefu-dz7u-aaac | https://github.com/advisories/GHSA-wh4h-v3f2-r2pp | 34.0.1 |
2024-09-17T22:13:45.027449+00:00 | GHSA Importer | Affected by | VCID-r4bp-3zs8-aaag | https://github.com/advisories/GHSA-337x-4q8g-prc5 | 34.0.1 |
2024-05-07T21:57:11.011585+00:00 | GHSA Importer | Affected by | VCID-qjx3-vgza-aaak | https://github.com/advisories/GHSA-rf4j-j272-fj86 | 34.0.0rc4 |
2024-01-03T17:52:46.969652+00:00 | GitLab Importer | Affected by | VCID-jefu-dz7u-aaac | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2019-6975.yml | 34.0.0rc1 |
2024-01-03T17:46:42.567991+00:00 | GHSA Importer | Affected by | VCID-x5yz-7qtf-aaar | https://github.com/advisories/GHSA-3gh2-xw74-jmcw | 34.0.0rc1 |
2024-01-03T17:44:12.297375+00:00 | GHSA Importer | Affected by | VCID-zh4q-8g5x-aaas | https://github.com/advisories/GHSA-hmr4-m2h5-33qx | 34.0.0rc1 |
2024-01-03T17:43:58.742868+00:00 | GHSA Importer | Affected by | VCID-qjx3-vgza-aaak | https://github.com/advisories/GHSA-rf4j-j272-fj86 | 34.0.0rc1 |
2024-01-03T17:43:57.171685+00:00 | GHSA Importer | Affected by | VCID-pm6s-x7r5-aaak | https://github.com/advisories/GHSA-vfq6-hq5r-27r6 | 34.0.0rc1 |
2024-01-03T17:43:57.067601+00:00 | GHSA Importer | Affected by | VCID-7dtn-w6bf-aaab | https://github.com/advisories/GHSA-wpjr-j57x-wxfw | 34.0.0rc1 |
2024-01-03T17:43:55.623684+00:00 | GHSA Importer | Affected by | VCID-jefu-dz7u-aaac | https://github.com/advisories/GHSA-wh4h-v3f2-r2pp | 34.0.0rc1 |
2024-01-03T17:43:55.031591+00:00 | GHSA Importer | Affected by | VCID-r4bp-3zs8-aaag | https://github.com/advisories/GHSA-337x-4q8g-prc5 | 34.0.0rc1 |
2024-01-03T17:43:48.772948+00:00 | GHSA Importer | Affected by | VCID-zrah-xa2u-aaan | https://github.com/advisories/GHSA-2m34-jcjv-45xf | 34.0.0rc1 |