purl | pkg:pypi/django@5.0.8 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-4c4n-p117-sqcv Aliases: BIT-django-2025-26699 CVE-2025-26699 GHSA-p3fp-8748-vqfq PYSEC-2025-13 | django: Potential denial-of-service vulnerability in django.utils.text.wrap() | Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
VCID-c291-japf-r3a8 Aliases: BIT-django-2024-45230 CVE-2024-45230 GHSA-5hgc-2vfp-mqvc PYSEC-2024-102 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | Affected by 5 other vulnerabilities. Affected by 7 other vulnerabilities. |
VCID-dapt-wsva-ubfv Aliases: CVE-2024-45231 GHSA-rrqc-c2jx-6jgv | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | Affected by 5 other vulnerabilities. Affected by 7 other vulnerabilities. |
VCID-dpmr-57g2-aqhv Aliases: CVE-2025-27556 GHSA-wqfg-m96j-85vm PYSEC-2025-14 | django: Django DoS Unicode Attack | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
VCID-ewxh-f1q5-kyaa Aliases: BIT-django-2024-56374 CVE-2024-56374 GHSA-qcgg-j2x8-h9g8 PYSEC-2025-1 | django: potential denial-of-service vulnerability in IPv6 validation | Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
VCID-fuhn-4eep-23b5 Aliases: BIT-django-2024-53908 CVE-2024-53908 GHSA-m9g8-fxxm-xg86 PYSEC-2024-157 | Django SQL injection in HasKey(lhs, rhs) on Oracle | Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. |
VCID-uzhs-cg7d-jycp Aliases: BIT-django-2024-53907 CVE-2024-53907 GHSA-8498-2h75-472j PYSEC-2024-156 | Django denial-of-service in django.utils.html.strip_tags() | Affected by 3 other vulnerabilities. Affected by 5 other vulnerabilities. |

Vulnerability | Summary | Aliases |
---|---|---|
VCID-adsn-8dtx-aaan | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | BIT-django-2024-41990 CVE-2024-41990 GHSA-795c-9xpc-xw6g PYSEC-2024-68 |
VCID-c94m-sbts-aaae | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | BIT-django-2024-42005 CVE-2024-42005 GHSA-pv4p-cwwg-4rph PYSEC-2024-70 |
VCID-jaz4-2j4u-aaas | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | BIT-django-2024-41991 CVE-2024-41991 GHSA-r836-hh6v-rg5g PYSEC-2024-69 |
VCID-tzxq-4jex-aaaa | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | BIT-django-2024-41989 CVE-2024-41989 GHSA-jh75-99hh-qvx9 PYSEC-2024-67 |