pkg:PyPI/django

300 total CVEsCRITICAL32HIGH130MEDIUM125LOW9

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2026-4277Privilege abuse in GenericInlineModelAdmin
>= 6.0, < 6.0.4
CRITICAL9.8CVE-2026-4277Privilege abuse in GenericInlineModelAdmin
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
CRITICAL9.8CVE-2024-53908Django SQL injection in HasKey(lhs, rhs) on Oracle
>= 5.0.0, < 5.0.10
CRITICAL9.8CVE-2024-53908Django SQL injection in HasKey(lhs, rhs) on Oracle
>= 5.1, < 5.1.4, >= 5.0, < 5.0.10, >= 4.2, < 4.2.17
CRITICAL9.8CVE-2023-31047python-django - security update
>= 3.2, < 3.2.19, >= 4.0, < 4.1.9, >= 4.2, < 4.2.1
CRITICAL9.8CVE-2023-31047python-django - security update
>= 3.2a1, < 3.2.19
CRITICAL9.8CVE-2022-34265Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
>= 3.2a1, < 3.2.14
CRITICAL9.8CVE-2022-34265Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
>= 3.2, < 3.2.14, >= 4.0, < 4.0.6
CRITICAL9.8CVE-2014-0472python-django - security update
from 0, < 1.4.11
CRITICAL9.8CVE-2014-0474Django Vulnerable to MySQL Injection
from 0, < 1.4.11
CRITICAL9.8CVE-2014-0472python-django - security update
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
CRITICAL9.8CVE-2014-0474Django Vulnerable to MySQL Injection
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
CRITICAL9.8CVE-2016-9013python-django - security update
>= 1.8, < 1.8.16, >= 1.9, < 1.9.11, >= 1.10, < 1.10.3
CRITICAL9.8CVE-2016-9013python-django - security update
>= 1.10a1, < 1.10.3
CRITICAL9.8CVE-2022-28347SQL Injection in Django
>= 2.2, < 2.2.28
CRITICAL9.8CVE-2022-28346python-django - security update
>= 4.0, < 4.0.4, >= 3.2, < 3.2.13, >= 2.2, < 2.2.28
CRITICAL9.8CVE-2022-28346python-django - security update
>= 2.2, < 2.2.28
CRITICAL9.8CVE-2022-28347SQL Injection in Django
>= 4.0, < 4.0.4, >= 3.2, < 3.2.13, >= 2.2, < 2.2.28
CRITICAL9.8CVE-2021-35042SQL Injection in Django
>= 3.1, < 3.1.13, >= 3.2, < 3.2.5
CRITICAL9.8CVE-2021-35042SQL Injection in Django
>= 3.2a1, < 3.2.5
CRITICAL9.8CVE-2020-7471python-django - security update
from 0, < 1.11.28
CRITICAL9.8CVE-2020-7471python-django - security update
from 0, < eb31d845323618d688ad429479c6dda973056136 | >= 1.11, < 1.11.28, >= 2.2, < 2.2.10, >= 3.0, < 3.0.3
CRITICAL9.8CVE-2019-19844python-django - security update
from 0, < 1.11.27
CRITICAL9.8CVE-2019-19844python-django - security update
from 0, < 1.11.27, >= 2.2, < 2.2.9
CRITICAL9.8CVE-2019-14234SQL Injection in Django
>= 1.11a1, < 1.11.23
CRITICAL9.8CVE-2019-14234SQL Injection in Django
>= 2.1, < 2.1.11, >= 1.11, < 1.11.23, >= 2.2, < 2.2.4
CRITICAL9.1CVE-2025-64459Potential SQL injection via _connector keyword argument in QuerySet and Q objects
>= 5.2a1, < 5.2.8
CRITICAL9.1CVE-2025-64459Potential SQL injection via _connector keyword argument in QuerySet and Q objects
>= 4.2, < 4.2.26, >= 5.1, < 5.1.14, >= 5.2, < 5.2.8
CRITICAL9.1CVE-2024-42005Django SQL injection vulnerability
>= 5.0, < 5.0.8, >= 4.2, < 4.2.15
CRITICAL9.1CVE-2024-42005Django SQL injection vulnerability
>= 5.0, < 5.0.8
CRITICAL9.1CVE-2011-0698Directory traversal in Django
>= 1.1, < 1.1.4, >= 1.2, < 1.2.5
CRITICAL9.1CVE-2011-0698Directory traversal in Django
>= 1.1, < 1.1.4
HIGH8.8CVE-2022-36359Django vulnerable to Reflected File Download attack
from 0, < 3.2.15
HIGH8.8CVE-2022-36359Django vulnerable to Reflected File Download attack
>= 3.2, < 3.2.15, >= 4.0, < 4.0.7
HIGH8.8CVE-2020-9402SQL injection in Django
>= 1.11, < 1.11.29
HIGH8.8CVE-2020-9402SQL injection in Django
>= 1.11, < 1.11.29, >= 2.2, < 2.2.11, >= 3.0, < 3.0.4
HIGH8.8CVE-2020-9402SQL injection in Django
>= 1.11, < 1.11.29, >= 2.2, < 2.2.11, >= 3.0, < 3.0.4
HIGH8.6CVE-2013-4315python-django - directory traversal
>= 1.4, < 1.4.7
HIGH8.6CVE-2013-4315python-django - directory traversal
>= 1.4, < 1.4.7, >= 1.5, < 1.5.3
HIGH8.1CVE-2016-9014python-django - security update
>= 1.8a1, < 1.8.16
HIGH8.1CVE-2016-9014python-django - security update
from 0, < 1.8.16, >= 1.9, < 1.9.11, >= 1.10, < 1.10.3
HIGH7.5CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation
>= 6.0, < 6.0.4
HIGH7.5CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
HIGH7.5CVE-2026-33034Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
HIGH7.5CVE-2026-33034Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
>= 6.0, < 6.0.4
HIGH7.5CVE-2026-25673Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
>= 6.0, < 6.0.3
HIGH7.5CVE-2025-14550Potential denial-of-service vulnerability via repeated headers when using ASGI
>= 6.0a1, < 6.0.2
HIGH7.5CVE-2026-1285Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
>= 6.0a1, < 6.0.2
HIGH7.5CVE-2026-1285Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
HIGH7.5CVE-2025-14550Potential denial-of-service vulnerability via repeated headers when using ASGI
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
HIGH7.5CVE-2025-64460Potential denial-of-service vulnerability in XML serializer text extraction
>= 5.2a1, < 5.2.9
HIGH7.5CVE-2025-64460Potential denial-of-service vulnerability in XML serializer text extraction
>= 4.2, < 4.2.27, >= 5.1, < 5.1.15, >= 5.2, < 5.2.9
HIGH7.5CVE-2025-64458Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
>= 5.2a1, < 5.2.8
HIGH7.5CVE-2025-64458Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
>= 4.2, < 4.2.26, >= 5.1, < 5.1.14, >= 5.2, < 5.2.8
HIGH7.5CVE-2024-53907Django denial-of-service in django.utils.html.strip_tags()
>= 5.1.0, < 5.1.4
HIGH7.5CVE-2024-53907Django denial-of-service in django.utils.html.strip_tags()
>= 5.1, < 5.1.4, >= 5.0, < 5.0.10, >= 4.2, < 4.2.17
HIGH7.5CVE-2024-39614Django vulnerable to Denial of Service
>= 5.0, < 5.0.7
HIGH7.5CVE-2024-38875Django vulnerable to Denial of Service
>= 4.2, < 4.2.14, >= 5.0, < 5.0.7
HIGH7.5CVE-2024-39614Django vulnerable to Denial of Service
>= 5.0, < 5.0.7, >= 4.2, < 4.2.14
HIGH7.5CVE-2024-39330Django Path Traversal vulnerability
>= 5.0, < 5.0.7
HIGH7.5CVE-2024-38875Django vulnerable to Denial of Service
>= 4.2, < 4.2.14
HIGH7.5CVE-2024-39330Django Path Traversal vulnerability
>= 5.0, < 5.0.7, >= 4.2, < 4.2.14
HIGH7.5CVE-2023-46695Django potential denial of service vulnerability in UsernameField on Windows
>= 3.2a1, < 3.2.23
HIGH7.5CVE-2023-46695Django potential denial of service vulnerability in UsernameField on Windows
>= 3.2, < 3.2.23, >= 4.1, < 4.1.13, >= 4.2, < 4.2.7
HIGH7.5CVE-2023-36053python-django - security update
>= 3.2a1, < 3.2.20
HIGH7.5CVE-2023-36053python-django - security update
>= 4.2, < 4.2.3, >= 4.0, < 4.1.10, >= 3.2, < 3.2.20
HIGH7.5CVE-2023-24580python-django - security update
>= 3.2, < 3.2.18, >= 4.0, < 4.0.10, >= 4.1, < 4.1.7
HIGH7.5CVE-2023-24580python-django - security update
>= 3.2a1, < 3.2.18
HIGH7.5CVE-2023-23969python-django - security update
>= 3.2a1, < 3.2.17
HIGH7.5CVE-2023-23969python-django - security update
>= 3.2, < 3.2.17, >= 4.0, < 4.0.9, >= 4.1, < 4.1.6
HIGH7.5CVE-2022-41323Django denial-of-service vulnerability in internationalized URLs
from 0, < 5b6b257fa7ec37ff27965358800c67e2dd11c924 | >= 3.2, < 3.2.16, >= 4.0, < 4.0.8, >= 4.1, < 4.1.2
HIGH7.5CVE-2022-41323Django denial-of-service vulnerability in internationalized URLs
>= 3.2, < 3.2.16
HIGH7.5CVE-2012-3444Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
from 0, < 1.3.2
HIGH7.5CVE-2012-3443Django Image Field Vulnerable to Image Decompression Bombs
from 0, < 1.3.2, >= 1.4, < 1.4.1
HIGH7.5CVE-2012-3444Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
from 0, < 1.3.2, >= 1.4, < 1.4.1
HIGH7.5CVE-2012-3443Django Image Field Vulnerable to Image Decompression Bombs
from 0, < 1.3.2
HIGH7.5CVE-2012-4520python-django - several vulnerabilities
from 0, < 9305c0e12d43c4df999c3301a1f0c742264a657e, < b45c377f8f488955e0c7069cad3f3dd21910b071, < 92d3430f12171f16f566c9050c40feefb830a4a3 | >= 1.3, < 1.3.4, >= 1.4, < 1.4.2
HIGH7.5CVE-2012-4520python-django - several vulnerabilities
>= 1.3, < 1.3.4
HIGH7.5CVE-2013-1443python-django - denial of service
>= 1.4, < 1.4.8
HIGH7.5CVE-2013-1443python-django - denial of service
>= 1.4, < 1.4.8, >= 1.5, < 1.5.4
HIGH7.5CVE-2015-3982Django allows user sessions hijacking via an empty string in the session key
>= 1.8, < 1.8.2
HIGH7.5CVE-2015-3982Django allows user sessions hijacking via an empty string in the session key
>= 1.8a1, < 1.8.2
HIGH7.5CVE-2015-0222Django database denial-of-service with ModelMultipleChoiceField
>= 1.6, < 1.6.10
HIGH7.5CVE-2015-0221Django DoS in django.views.static.serve
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
HIGH7.5CVE-2015-0222Django database denial-of-service with ModelMultipleChoiceField
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
HIGH7.5CVE-2015-0221Django DoS in django.views.static.serve
from 0, < 1.4.18
HIGH7.5CVE-2015-5964Denial-of-service possibility in logout() view by filling session store
>= 1.7, < 1.7.10
HIGH7.5CVE-2015-5964Denial-of-service possibility in logout() view by filling session store
>= 1.7, < 1.7.10, >= 1.4, < 1.4.22
HIGH7.5CVE-2014-0473Django Reuses Cached CSRF Token
from 0, < 1.4.11
HIGH7.5CVE-2014-0473Django Reuses Cached CSRF Token
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
HIGH7.5CVE-2015-5144Django Vulnerable to HTTP Response Splitting Attack
from 0, < 1.4.21, >= 1.5, < 1.7.9, >= 1.8, < 1.8.3
HIGH7.5CVE-2015-5145Django ReDoS in validators.URLValidator
>= 1.8, < 1.8.3
HIGH7.5CVE-2015-5145Django ReDoS in validators.URLValidator
>= 1.8a1, < 1.8.3
HIGH7.5CVE-2015-5144Django Vulnerable to HTTP Response Splitting Attack
from 0, < 1.4.21
HIGH7.5CVE-2015-5963python-django - security update
>= 1.8, < 1.8.4, >= 1.7, < 1.7.10, >= 1.4, < 1.4.22
HIGH7.5CVE-2015-5963python-django - security update
>= 1.8, < 1.8.4
HIGH7.5CVE-2016-7401python-django - security update
from 0, < 1.8.15
HIGH7.5CVE-2016-7401python-django - security update
from 0, < 1.8.15, >= 1.9, < 1.9.10
HIGH7.5CVE-2011-4139Django Vulnerable to Cache Poisoning
from 0, < 1.2.7, >= 1.3, < 1.3.1
HIGH7.5CVE-2011-4139Django Vulnerable to Cache Poisoning
from 0, < 1.2.7
HIGH7.5CVE-2011-4138Django Might Allow CSRF Requests via URL Verification
from 0, < 1.2.7
HIGH7.5CVE-2011-4138Django Might Allow CSRF Requests via URL Verification
from 0, < 1.2.7, >= 1.3, < 1.3.1
HIGH7.5CVE-2014-3730Django Allows Open Redirects
>= 1.4, < 1.4.13
HIGH7.5CVE-2014-3730Django Allows Open Redirects
>= 1.4, < 1.4.13, >= 1.5, < 1.5.8, >= 1.6, < 1.6.5, >= 1.7a0, < 1.7b4
HIGH7.5CVE-2014-0480python-django - security update
from 0, < 1.4.14
HIGH7.5CVE-2014-0480python-django - security update
from 0, < 1.4.14, >= 1.5, < 1.5.9, >= 1.6, < 1.6.6
HIGH7.5CVE-2015-2316Django Denial-of-service possibility with strip_tags
>= 1.6, < 1.6.11, >= 1.7, < 1.7.7, >= 1.8a0, < 1.8c1
HIGH7.5CVE-2015-2316Django Denial-of-service possibility with strip_tags
>= 1.6, < 1.6.11
HIGH7.5CVE-2014-0481Django denial of service via file upload naming
from 0, < 1.4.14, >= 1.5, < 1.5.9, >= 1.6, < 1.6.6
HIGH7.5CVE-2014-0481Django denial of service via file upload naming
from 0, < 1.4.14
HIGH7.5CVE-2009-3695python-django - denial of service
>= 1.0, < 1.0.4
HIGH7.5CVE-2009-3695python-django - denial of service
>= 1.0, < 1.0.4, >= 1.1, < 1.1.1
HIGH7.5CVE-2009-2659Django Admin Media Handler Vulnerable to Directory Traversal
>= 0.96.0, < 0.96.4
HIGH7.5CVE-2009-2659Django Admin Media Handler Vulnerable to Directory Traversal
from 0, < 1.1
HIGH7.5CVE-2008-3909Django cross-site request forgery (CSRF) vulnerability
>= 0.91.0, < 0.91.3
HIGH7.5CVE-2008-3909Django cross-site request forgery (CSRF) vulnerability
from 0, < 1.1
HIGH7.5CVE-2022-23833Infinite Loop in Django
>= 2.2, < 2.2.27, >= 3.2, < 3.2.12, >= 4.0, < 4.0.2
HIGH7.5CVE-2022-23833Infinite Loop in Django
>= 2.2, < 2.2.27
HIGH7.5CVE-2021-45116Information disclosure in Django
>= 2.2, < 2.2.26, >= 3.2, < 3.2.11, >= 4.0, < 4.0.1
HIGH7.5CVE-2021-45116Information disclosure in Django
>= 2.2, < 2.2.26
HIGH7.5CVE-2021-45115python-django - security update
>= 2.2, < 2.2.26, >= 3.2, < 3.2.11, >= 4.0, < 4.0.1
HIGH7.5CVE-2021-45115python-django - security update
>= 2.2a1, < 2.2.26
HIGH7.5CVE-2021-33571Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
>= 2.2a1, < 2.2.24
HIGH7.5CVE-2021-33571Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
>= 2.2, < 2.2.24, >= 3.0, < 3.1.12, >= 3.2, < 3.2.4
HIGH7.5CVE-2021-31542python-django - security update
>= 2.2, < 2.2.21
HIGH7.5CVE-2021-31542python-django - security update
>= 2.2, < 2.2.21, >= 3.1, < 3.1.9, >= 3.2, < 3.2.1
HIGH7.5CVE-2020-24583python-django - security update
>= 2.2a1, < 2.2.16
HIGH7.5CVE-2020-24583python-django - security update
>= 2.2, < 2.2.16, >= 3.0, < 3.0.10, >= 3.1, < 3.1.1
HIGH7.5CVE-2020-24584Django Incorrect Default Permissions
>= 2.2, < 2.2.16, >= 3.0, < 3.0.10, >= 3.1, < 3.1.1
HIGH7.5CVE-2020-24584Django Incorrect Default Permissions
>= 2.2, < 2.2.16
HIGH7.5CVE-2019-14233Django Denial-of-service in strip_tags()
>= 2.1, < 2.1.11, >= 2.2, < 2.2.4, >= 1.11, < 1.11.23
HIGH7.5CVE-2019-14233Django Denial-of-service in strip_tags()
>= 1.11a1, < 1.11.23
HIGH7.5CVE-2019-14235Uncontrolled Recursion in Django
>= 2.2, < 2.2.4, >= 1.11, < 1.11.23, >= 2.1, < 2.1.11
HIGH7.5CVE-2019-14235Uncontrolled Recursion in Django
>= 1.11a1, < 1.11.23
HIGH7.5CVE-2019-14232python-django - security update
>= 1.11a1, < 1.11.23
HIGH7.5CVE-2019-14232python-django - security update
>= 1.11, < 1.11.23, >= 2.1, < 2.1.11, >= 2.2, < 2.2.4
HIGH7.5CVE-2015-5143python-django - security update
from 0, < 1.4.21, >= 1.5, < 1.7.9, >= 1.8, < 1.8.3
HIGH7.5CVE-2015-5143python-django - security update
from 0, < 1.4.21
HIGH7.5CVE-2019-6975Uncontrolled Memory Consumption in Django
>= 1.11, < 1.11.19
HIGH7.5CVE-2019-6975Uncontrolled Memory Consumption in Django
>= 1.11, < 1.11.19, >= 2.0, < 2.0.12, >= 2.1, < 2.1.7
HIGH7.5CVE-2018-6188Django vulnerable to information leakage in AuthenticationForm
>= 2.0a1, < 2.0.2
HIGH7.5CVE-2018-6188Django vulnerable to information leakage in AuthenticationForm
>= 2.0, < 2.0.2
HIGH7.5CVE-2010-4535Improper date handling in Django
from 0, < 1.1.3, >= 1.2, < 1.2.4
HIGH7.5CVE-2010-4535Improper date handling in Django
from 0, < 1.1.3
HIGH7.5CVE-2010-4535Improper date handling in Django
HIGH7.5CVE-2011-4137Denial of service in django
from 0, < 1.2.7, >= 1.3, < 1.3.1
HIGH7.5CVE-2011-4137Denial of service in django
from 0, < 1.2.7
HIGH7.5CVE-2011-4140Django Cross-Site Request Forgery vulnerability
from 0, <= 1.2.7
HIGH7.5CVE-2011-4140Django Cross-Site Request Forgery vulnerability
from 0, < 1.2.7, >= 1.3, < 1.3.1
HIGH7.5CVE-2011-0696Cross-site request forgery in Django
>= 1.1, < 1.1.4
HIGH7.5CVE-2011-0696Cross-site request forgery in Django
>= 1.1, < 1.1.4, >= 1.2, < 1.2.5
HIGH7.5CVE-2011-0696Cross-site request forgery in Django
HIGH7.4CVE-2014-1418Django Vulnerable to Cache Poisoning
>= 1.4, < 1.4.13
HIGH7.4CVE-2014-1418Django Vulnerable to Cache Poisoning
>= 1.4, < 1.4.13, >= 1.5, < 1.5.8, >= 1.6, < 1.6.5, >= 1.7a0, < 1.7b4
HIGH7.4CVE-2016-2512python-django - security update
from 0, < c5544d289233f501917e25970c03ed444abbd4f0 | from 0, < 1.8.10, >= 1.9, < 1.9.3
HIGH7.4CVE-2016-2512python-django - security update
from 0, < 1.8.10
HIGH7.3CVE-2021-44420Potential bypass of an upstream access control based on URL paths in Django
>= 2.2, < 2.2.25, >= 3.1, < 3.1.14, >= 3.2, < 3.2.10
HIGH7.3CVE-2021-44420Potential bypass of an upstream access control based on URL paths in Django
>= 2.2a1, < 2.2.25
HIGH7.1CVE-2025-59681python-django - security update
>= 4.2, < 4.2.25, >= 5.1, < 5.1.13, >= 5.2, < 5.2.7
HIGH7.1CVE-2025-59681python-django - security update
>= 4.2, < 4.2.25
HIGH7.1CVE-2025-57833python-django - security update
>= 4.2, < 4.2.24, >= 5.1, < 5.1.12, >= 5.2, < 5.2.6
HIGH7.1CVE-2025-57833python-django - security update
from 0, < 4.2.24
MEDIUM6.5CVE-2026-35192Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
>= 6.0, < 6.0.5
MEDIUM6.5CVE-2026-35192Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
>= 5.2, < 5.2.14, >= 6.0, < 6.0.5
MEDIUM6.5CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
MEDIUM6.5CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
>= 6.0, < 6.0.4
MEDIUM6.5CVE-2014-0482Django Middleware Enables Session Hijacking
from 0, < 1.4.14
MEDIUM6.5CVE-2014-0482Django Middleware Enables Session Hijacking
from 0, < 1.4.14, >= 1.5, < 1.5.9, >= 1.6, < 1.6.6
MEDIUM6.5CVE-2019-19118Django allows unintended model editing
>= 2.1, < 2.1.15, >= 2.2, < 2.2.8
MEDIUM6.5CVE-2019-19118Django allows unintended model editing
>= 2.1, < 2.1.15
MEDIUM6.5CVE-2019-3498python-django - security update
>= 1.11a1, < 1.11.18
MEDIUM6.5CVE-2019-3498python-django - security update
>= 1.11, < 1.11.18, >= 2.0, < 2.0.10, >= 2.1, < 2.1.5
MEDIUM6.5CVE-2010-4534Improper query string handling in Django
MEDIUM6.5CVE-2010-4534Improper query string handling in Django
from 0, < 1.1.3, >= 1.2, < 1.2.4
MEDIUM6.5CVE-2010-4534Improper query string handling in Django
from 0, < 1.1.3
MEDIUM6.1CVE-2012-3442python-django - several
from 0, < 1.3.2, >= 1.4, < 1.4.1
MEDIUM6.1CVE-2012-3442python-django - several
from 0, < 1.3.2
MEDIUM6.1CVE-2015-2241Django Cross-site Scripting Vulnerability
from 0, < 1.7.6
MEDIUM6.1CVE-2015-2241Django Cross-site Scripting Vulnerability
from 0, < 1.7.6, >= 1.8a1, < 1.8b2
MEDIUM6.1CVE-2015-0220Django Cross-site Scripting Vulnerability
from 0, < 1.4.18
MEDIUM6.1CVE-2015-0220Django Cross-site Scripting Vulnerability
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
MEDIUM6.1CVE-2013-4249Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
>= 1.5, < 1.5.2
MEDIUM6.1CVE-2013-4249Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
from 0, < 90363e388c61874add3f3557ee654a996ec75d78, < cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560 | >= 1.5, < 1.5.2
MEDIUM6.1CVE-2013-6044python-django - cross-site scripting vulnerability
from 0, < ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a, < ae3535169af804352517b7fea94a42a1c9c4b762, < 1a274ccd6bc1afbdac80344c9b6e5810c1162b5f | >= 1.4, < 1.4.6, >= 1.5, < 1.5.2
MEDIUM6.1CVE-2013-6044python-django - cross-site scripting vulnerability
>= 1.4, < 1.4.6
MEDIUM6.1CVE-2016-6186python-django - security update
from 0, < 1.8.14
MEDIUM6.1CVE-2016-6186python-django - security update
from 0, < d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158, < f68e5a99164867ab0e071a936470958ed867479d | from 0, < 1.8.14, >= 1.9, < 1.9.8, >= 1.10a0, < 1.10rc1
MEDIUM6.1CVE-2015-2317python-django - security update
from 0, < 1.4.20
MEDIUM6.1CVE-2015-2317python-django - security update
from 0, < 1.4.20, >= 1.5, < 1.6.11, >= 1.7, < 1.7.7, >= 1.8a0, < 1.8c1
MEDIUM6.1CVE-2008-2302Django Cross-site scripting (XSS) vulnerability
>= 0.91, < 0.91.2
MEDIUM6.1CVE-2008-2302Django Cross-site scripting (XSS) vulnerability
from 0, < 1.1
MEDIUM6.1CVE-2022-22818python-django - security update
>= 2.2, < 2.2.27
MEDIUM6.1CVE-2022-22818python-django - security update
>= 2.2, < 2.2.27, >= 3.2, < 3.2.12, >= 4.0, < 4.0.2
MEDIUM6.1CVE-2021-32052Header injection possible in Django
>= 2.2, < 2.2.22, >= 3.1, < 3.1.10, >= 3.2, < 3.2.2
MEDIUM6.1CVE-2021-32052Header injection possible in Django
>= 2.2, < 2.2.22
MEDIUM6.1CVE-2020-13596XSS in Django
>= 2.2a1, < 2.2.13
MEDIUM6.1CVE-2020-13596XSS in Django
>= 2.2, < 2.2.13, >= 3.0, < 3.0.7
MEDIUM6.1CVE-2019-12308python-django - security update
>= 2.1, < 2.1.9, >= 1.11, < 1.11.21, >= 2.2, < 2.2.2
MEDIUM6.1CVE-2019-12308python-django - security update
>= 1.11a1, < 1.11.21
MEDIUM6.1CVE-2019-11358XSS in jQuery as used in Drupal, Backdrop CMS, and other products
>= 2.0a1, < 2.1.9
MEDIUM6.1CVE-2017-12794Django vulnerable to XSS on 500 pages
>= 1.10, < 1.10.8, >= 1.11, < 1.11.5
MEDIUM6.1CVE-2017-12794Django vulnerable to XSS on 500 pages
>= 1.10a1, < 1.10.8
MEDIUM6.1CVE-2017-7233python-django - security update
>= 1.10a1, < 1.10.7
MEDIUM6.1CVE-2017-7233python-django - security update
>= 1.10, < 1.10.7, >= 1.9, < 1.9.13, >= 1.8, < 1.8.18
MEDIUM6.1CVE-2017-7234Django open redirect
>= 1.10, < 1.10.7
MEDIUM6.1CVE-2017-7234Django open redirect
>= 1.10, < 1.10.7, >= 1.9, < 1.9.13, >= 1.8, < 1.8.18
MEDIUM6.1CVE-2018-14574python-django - security update
>= 2.0, < 2.0.8, >= 1.11, < 1.11.15
MEDIUM6.1CVE-2018-14574python-django - security update
>= 2.0, < 2.0.8
MEDIUM6.1CVE-2011-0697Cross-site scripting in django
MEDIUM6.1CVE-2011-0697Cross-site scripting in django
>= 1.1, < 1.1.4, >= 1.2, < 1.2.5
MEDIUM6.1CVE-2011-0697Cross-site scripting in django
>= 1.1, < 1.1.4
MEDIUM6.1CVE-2010-3082Cross-site scripting in django
>= 1.2, < 1.2.2
MEDIUM6.1CVE-2010-3082Cross-site scripting in django
>= 1.2, < 1.2.2
MEDIUM5.9CVE-2024-24680Django denial-of-service attack in the intcomma template filter
>= 3.2, < 3.2.24, >= 4.2, < 4.2.10, >= 5.0, < 5.0.2
MEDIUM5.9CVE-2024-24680Django denial-of-service attack in the intcomma template filter
>= 3.2, < 3.2.24
MEDIUM5.9CVE-2023-43665Django Denial-of-service in django.utils.text.Truncator
>= 3.2, < 3.2.22, >= 4.1, < 4.1.12, >= 4.2, < 4.2.6
MEDIUM5.9CVE-2023-43665Django Denial-of-service in django.utils.text.Truncator
>= 3.2a1, < 3.2.22
MEDIUM5.9CVE-2007-5712python-django - cross site request forgery
>= 0.96.0, < 0.96.1
MEDIUM5.9CVE-2007-5712python-django - cross site request forgery
from 0, < 1.1
MEDIUM5.9CVE-2020-13254python-django - security update
>= 2.2, < 2.2.13, >= 3.0, < 3.0.7
MEDIUM5.9CVE-2020-13254python-django - security update
>= 2.2, < 2.2.13
MEDIUM5.8CVE-2025-27556Django Potential Denial of Service (DoS) on Windows
>= 5.0, < 5.0.14
MEDIUM5.8CVE-2025-27556Django Potential Denial of Service (DoS) on Windows
>= 5.1, < 5.1.8, >= 5.0, < 5.0.14
MEDIUM5.8CVE-2024-56374Django has a potential denial-of-service vulnerability in IPv6 validation
>= 5.1, < 5.1.5, >= 5.0, < 5.0.11, >= 4.2, < 4.2.18
MEDIUM5.8CVE-2024-56374Django has a potential denial-of-service vulnerability in IPv6 validation
>= 5.1, < 5.1.5
MEDIUM5.5CVE-2016-2048Django Access Restrictions Bypass
>= 1.9, < 1.9.2
MEDIUM5.5CVE-2016-2048Django Access Restrictions Bypass
>= 1.9, < 1.9.2
MEDIUM5.4CVE-2026-1287Potential SQL injection in column aliases via control characters
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
MEDIUM5.4CVE-2026-1312Potential SQL injection via QuerySet.order_by and FilteredRelation
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
MEDIUM5.4CVE-2026-1287Potential SQL injection in column aliases via control characters
>= 6.0a1, < 6.0.2
MEDIUM5.4CVE-2026-1312Potential SQL injection via QuerySet.order_by and FilteredRelation
>= 6.0a1, < 6.0.2
MEDIUM5.4CVE-2026-1207Potential SQL injection via raster lookups on PostGIS
>= 6.0a1, < 6.0.2
MEDIUM5.4CVE-2026-1207Potential SQL injection via raster lookups on PostGIS
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
MEDIUM5.3CVE-2026-5766Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
>= 6.0, < 6.0.5
MEDIUM5.3CVE-2026-5766Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
>= 5.2, < 5.2.14, >= 6.0, < 6.0.5
MEDIUM5.3CVE-2025-13473Username enumeration through timing difference in mod_wsgi authentication handler
>= 6.0a1, < 6.0.2
MEDIUM5.3CVE-2025-13473Username enumeration through timing difference in mod_wsgi authentication handler
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
MEDIUM5.3CVE-2025-32873Django has a denial-of-service possibility in strip_tags()
>= 4.2, < 4.2.21, >= 5.1, < 5.1.9, >= 5.2, < 5.2.1
MEDIUM5.3CVE-2025-32873Django has a denial-of-service possibility in strip_tags()
>= 4.2, < 4.2.21
MEDIUM5.3CVE-2024-45230Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
>= 5.1, < 5.1.1, >= 5.0, < 5.0.9, >= 4.2, < 4.2.16
MEDIUM5.3CVE-2024-45230Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
>= 5.1, < 5.1.1
MEDIUM5.3CVE-2024-41989Django memory consumption vulnerability
>= 5.0, < 5.0.8, >= 4.2, < 4.2.15
MEDIUM5.3CVE-2024-41991Django vulnerable to denial-of-service attack
>= 5.0, < 5.0.8
MEDIUM5.3CVE-2024-41990Django vulnerable to a denial-of-service attack
>= 5.0, < 5.0.8, >= 4.2, < 4.2.15
MEDIUM5.3CVE-2024-41990Django vulnerable to a denial-of-service attack
>= 5.0, < 5.0.8
MEDIUM5.3CVE-2024-41991Django vulnerable to denial-of-service attack
>= 5.0, < 5.0.8, >= 4.2, < 4.2.15
MEDIUM5.3CVE-2024-41989Django memory consumption vulnerability
>= 5.0, < 5.0.8
MEDIUM5.3CVE-2024-39329Django vulnerable to user enumeration attack
>= 5.0, < 5.0.7
MEDIUM5.3CVE-2024-39329Django vulnerable to user enumeration attack
>= 5.0, < 5.0.7, >= 4.2, < 4.2.14
MEDIUM5.3CVE-2024-27351Regular expression denial-of-service in Django
>= 3.2, < 3.2.25
MEDIUM5.3CVE-2024-27351Regular expression denial-of-service in Django
>= 3.2, < 3.2.25, >= 4.2, < 4.2.11, >= 5.0, < 5.0.3
MEDIUM5.3CVE-2023-41164python-django - security update
>= 3.2, < 3.2.21
MEDIUM5.3CVE-2023-41164python-django - security update
>= 3.2, < 3.2.21, >= 4.1, < 4.1.11, >= 4.2, < 4.2.5
MEDIUM5.3CVE-2015-0219python-django - security update
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
MEDIUM5.3CVE-2015-0219python-django - security update
from 0, < 1.4.18
MEDIUM5.3CVE-2014-0483Django data leakage via querystring manipulation in admin
from 0, < 2b31342cdf14fc20e07c43d258f1e7334ad664a6 | from 0, < 1.4.14, >= 1.5, < 1.5.9, >= 1.6, < 1.6.6
MEDIUM5.3CVE-2014-0483Django data leakage via querystring manipulation in admin
from 0, < 1.4.14
MEDIUM5.3CVE-2013-0306Django is vulnerable to Denial of Service attack in formset
>= 1.3, < 1.3.6, >= 1.4, < 1.4.4
MEDIUM5.3CVE-2013-0306Django is vulnerable to Denial of Service attack in formset
>= 1.3, < 1.3.6
MEDIUM5.3CVE-2021-45452python-django - security update
>= 2.2, < 2.2.26, >= 3.2, < 3.2.11, >= 4.0, < 4.0.1
MEDIUM5.3CVE-2021-45452python-django - security update
>= 2.2, < 2.2.26
MEDIUM5.3CVE-2021-28658python-django - security update
>= 2.2, < 2.2.20, >= 3.0, < 3.0.14, >= 3.1, < 3.1.8
MEDIUM5.3CVE-2021-28658python-django - security update
>= 2.2a1, < 2.2.20
MEDIUM5.3CVE-2021-3281python-django - security update
>= 2.2, < 2.2.18
MEDIUM5.3CVE-2021-3281python-django - security update
>= 2.2, < 2.2.18, >= 3.0, < 3.0.12, >= 3.1, < 3.1.6
MEDIUM5.3CVE-2019-12781python-django - security update
>= 2.1, < 2.1.10
MEDIUM5.3CVE-2019-12781python-django - security update
>= 2.1, < 2.1.10, >= 2.2, < 2.2.3, >= 1.11, < 1.11.22
MEDIUM5.3CVE-2018-7536python-django - security update
>= 2.0a1, < 2.0.3
MEDIUM5.3CVE-2018-7536python-django - security update
>= 1.8, < 1.8.19, >= 1.11, < 1.11.11, >= 2.0, < 2.0.3
MEDIUM5.3CVE-2018-7537Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
>= 2.0, < 2.0.3
MEDIUM5.3CVE-2018-7537Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
>= 1.8, < 1.8.19, >= 1.11, < 1.11.11, >= 2.0, < 2.0.3
MEDIUM5.0CVE-2025-26699Django vulnerable to Allocation of Resources Without Limits or Throttling
>= 5.1, < 5.1.7, >= 5.0, < 5.0.13, >= 4.2, < 4.2.20
MEDIUM5.0CVE-2025-26699Django vulnerable to Allocation of Resources Without Limits or Throttling
>= 4.2, < 4.2.20
MEDIUM4.9CVE-2021-33203python-django - security update
from 0, < 2.2.24
MEDIUM4.9CVE-2021-33203python-django - security update
from 0, < 2.2.24, >= 3.0, < 3.1.12, >= 3.2, < 3.2.4
MEDIUM4.9CVE-2018-16984Django allows unprivileged users to read the password hashes of arbitrary accounts
>= 2.1, < 2.1.2
MEDIUM4.9CVE-2018-16984Django allows unprivileged users to read the password hashes of arbitrary accounts
>= 2.1, < 2.1.2
MEDIUM4.3CVE-2026-6907Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
>= 6.0, < 6.0.5
MEDIUM4.3CVE-2026-6907Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
>= 5.2, < 5.2.14, >= 6.0, < 6.0.5
MEDIUM4.3CVE-2025-13372Potential SQL injection in FilteredRelation column aliases on PostgreSQL
>= 4.2, < 4.2.27, >= 5.1, < 5.1.15, >= 5.2, < 5.2.9
MEDIUM4.3CVE-2025-13372Potential SQL injection in FilteredRelation column aliases on PostgreSQL
>= 5.2a1, < 5.2.9
MEDIUM4.3CVE-2013-0305Django Data leakage via admin history log
>= 1.3, < 1.3.6, >= 1.4, < 1.4.4
MEDIUM4.3CVE-2013-0305Django Data leakage via admin history log
>= 1.3, < 1.3.6
MEDIUM4.0CVE-2025-48432Django Improper Output Neutralization for Logs vulnerability
>= 5.2, < 5.2.2
MEDIUM4.0CVE-2025-48432Django Improper Output Neutralization for Logs vulnerability
>= 5.2, < 5.2.2, >= 5.1, < 5.1.10, >= 4.2, < 4.2.22
MEDIUM4.0CVE-2011-4136python-django - several issues
from 0, < 1.2.7
MEDIUM4.0CVE-2011-4136python-django - several issues
from 0, < 1.2.7, >= 1.3, < 1.3.1
LOW3.7CVE-2026-25674Django has a Race Condition vulnerability
>= 6.0, < 6.0.3
LOW3.7CVE-2024-45231Django allows enumeration of user e-mail addresses
>= 5.1, < 5.1.1
LOW3.1CVE-2025-59682Django vulnerable to partial directory traversal via archives
>= 4.2, < 4.2.25
LOW3.1CVE-2016-2513Django User Enumeration Vulnerability
from 0, < 1.8.10
LOW3.1CVE-2016-2513Django User Enumeration Vulnerability
from 0, < 67b46ba7016da2d259c1ecc7d666d11f5e1cfaab | from 0, < 1.8.10, >= 1.9, < 1.9.3
LOW2.8CVE-2015-8213python-django - security update
>= 1.7, < 1.7.11
LOW2.8CVE-2015-8213python-django - security update
from 0, < 316bc3fc9437c5960c24baceb93c73f1939711e4 | from 0, < 1.7.11, >= 1.8, < 1.8.7, >= 1.9a0, < 1.9rc2
LOW2.7CVE-2026-4292Privilege abuse in ModelAdmin.list_editable
>= 6.0, < 6.0.4
LOW2.7CVE-2026-4292Privilege abuse in ModelAdmin.list_editable
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
—CVE-2013-1664XML Entity Expansion (XEE) in Django
>= 1.3.0, < 1.3.6
—CVE-2013-1665XML External Entity (XXE) in Django
>= 1.3.0, < 1.3.6
—CVE-2007-0405Django Improper Access Control
>= 0.95, < 1.0
—CVE-2007-0404Django Arbitrary Code Execution
>= 0.95, < 1.0