| purl | pkg:pypi/django@6.0.4 |

| Advisory | Summary | Fixed in package version |
|---|---|---|
| CVE-2026-6907 (Aliases: GHSA-5hrc-gvxj-w55p) | Django Uses Cache Containing Sensitive Information. An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously … | Vulnerable Vulnerable |
| CVE-2026-35192 (Aliases: GHSA-7h2m-m8vj-598h) | Django Uses Persistent Cookies Containing Sensitive Information. An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response … | Vulnerable Vulnerable |
| CVE-2026-5766 (Aliases: GHSA-w26r-rmm8-9c29) | Django has an Improper Handling of Length Parameter Inconsistency. An issue was discovered in 6.0 before 6.0.5 and 5.2 before … | Vulnerable Vulnerable |
| PYSEC-2026-199 (Aliases: BIT-django-2026-6873, CVE-2026-6873) | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt … | Not vulnerable Not vulnerable |
| PYSEC-2026-198 (Aliases: BIT-django-2026-48587, CVE-2026-48587) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading … | Not vulnerable Not vulnerable |
| PYSEC-2026-201 (Aliases: BIT-django-2026-8404, CVE-2026-8404) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` … | Not vulnerable Not vulnerable |
| PYSEC-2026-197 (Aliases: BIT-django-2026-35193, CVE-2026-35193) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` … | Not vulnerable Not vulnerable |
| PYSEC-2026-200 (Aliases: BIT-django-2026-7666, CVE-2026-7666) | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse … | Not vulnerable Not vulnerable |
| PYSEC-2026-55 (Aliases: BIT-django-2026-6907, CVE-2026-6907, GHSA-5hrc-gvxj-w55p) | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header … | Vulnerable Vulnerable Vulnerable Vulnerable |
| PYSEC-2026-50 (Aliases: BIT-django-2026-35192, CVE-2026-35192, GHSA-7h2m-m8vj-598h) | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if … | Vulnerable Vulnerable Vulnerable Vulnerable |
| PYSEC-2026-54 (Aliases: BIT-django-2026-5766, CVE-2026-5766, GHSA-w26r-rmm8-9c29) | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` … | Vulnerable Vulnerable Vulnerable Vulnerable |


| Advisory | Summary | Aliases |
|---|---|---|
| CVE-2026-33033 | Django has potential DoS via MultiPartParser through crafted multipart uploads. An issue was discovered in 6.0 before 6.0.4, 5.2 before … | GHSA-5mf9-h53q-7mhq |
| CVE-2026-3902 | Django vulnerable to ASGI header spoofing via underscore/hyphen conflation. An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, … | GHSA-mvfq-ggxm-9mc5 |
| CVE-2026-4277 | Django vulnerable to privilege abuse in GenericInlineModelAdmin. An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 … | GHSA-pwjp-ccjc-ghwg |
| CVE-2026-33034 | Django: ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit. An issue was discovered in … | GHSA-933h-hp56-hf7m |
| CVE-2026-4292 | Django vulnerable to privilege abuse in ModelAdmin.list_editable. An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 … | GHSA-mmwr-2jhp-mc7j |
| PYSEC-2026-52 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model … | BIT-django-2026-4277, CVE-2026-4277, GHSA-pwjp-ccjc-ghwg |
| PYSEC-2026-49 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing … | BIT-django-2026-33034, CVE-2026-33034, GHSA-933h-hp56-hf7m |
| PYSEC-2026-53 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` … | BIT-django-2026-4292, CVE-2026-4292, GHSA-mmwr-2jhp-mc7j |
| PYSEC-2026-48 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to … | BIT-django-2026-33033, CVE-2026-33033, GHSA-5mf9-h53q-7mhq |
| PYSEC-2026-51 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker … | BIT-django-2026-3902, CVE-2026-3902, GHSA-mvfq-ggxm-9mc5 |