Django

Latest version: v5.1.4

Vulnerabilities (126)

CVE/PVE Vulnerability ID Advisory Affected versions Severity Severity Score
CVE-2014-0474 35512

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFi…

  • >=1.7a1,<1.7b2
  • >=1.6a1,<1.6.3
  • >=1.5a1,<1.5.6
  • <1.4.11
HIGH 10.0
CVE-2014-3730 35569

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13…

  • >=1.5a1,<1.5.8
  • >=1.6a1,<1.6.5
  • >=1.7a1,<1.7b4
  • <1.4.13
MEDIUM 4.3
CVE-2015-2317 25713

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1…

  • <1.4.20
  • >=1.5a1,<1.6.11
  • >=1.7a1,<1.7.7
  • >=1.8a1,<1.8c1
MEDIUM 4.3
CVE-2014-0480 35513

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x…

  • <1.4.14
  • >=1.5a1,<1.5.9
  • >=1.6a1,<1.6.6
  • >=1.7a1,<1.7rc3
MEDIUM 5.8
CVE-2014-0481 35514

Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-048…

  • <1.4.14
  • >=1.5a1,<1.5.9
  • >=1.6a1,<1.6.6
  • >=1.7a1,<1.7rc3
MEDIUM 4.3
CVE-2014-0482 35515

Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-048…

  • <1.4.14
  • >=1.5a1,<1.5.9
  • >=1.6a1,<1.6.6
  • >=1.7a1,<1.7rc3
MEDIUM 6.0
CVE-2014-0483 35516

The administrative interface (contrib.admin) in Django before 1.4.14,…

  • <1.4.14
  • >=1.5a1,<1.5.9
  • >=1.6a1,<1.6.6
  • >=1.7a1,<1.7rc3
LOW 3.5
CVE-2014-1418 35519

Django 1.4.13, 1.5.8, 1.6.5 and 1.7b4 include a fix for CVE-2014-1418…

  • <1.4.13
  • >=1.5a1,<1.5.8
  • >=1.6a1,<1.6.5
  • >=1.7a1,<1.7b4
MEDIUM 6.4
CVE-2014-0473 35511

Django 1.4.11, 1.5.6, 1.6.3 and 1.7b2 include a fix for CVE-2014-0473…

  • <1.4.11
  • >=1.5a1,<1.5.6
  • >=1.6a1,<1.6.3
  • >=1.7a1,<1.7b2
MEDIUM 5.0
CVE-2014-0472 35510

Django 1.4.11, 1.5.6, 1.6.3 and 1.7b2 include a fix for CVE-2014-0472…

  • <1.4.11
  • >=1.5a1,<1.5.6
  • >=1.6a1,<1.6.3
  • >=1.7a1,<1.7b2
MEDIUM 5.1
CVE-2024-53908 74396

Django affected versions are vulnerable to a potential SQL injection …

  • <4.2.17
  • >=5.0a1,<5.0.10
  • >=5.1a1,<5.1.4
- -
CVE-2024-53907 74395

Affected versions of Django are vulnerable to a potential denial-of-s…

  • <4.2.17
  • >=5.0a1,<5.0.10
  • >=5.1a1,<5.1.4
- -
CVE-2024-45231 73028

A security vulnerability has been discovered in certain versions of D…

  • <4.2.16
  • >=5.0a1,<5.0.9
  • >=5.1a1,<5.1.1
MEDIUM 5.3
CVE-2024-45230 73023

A potential denial-of-service vulnerability has been identified in Dj…

  • <4.2.16
  • >=5.0a1,<5.0.9
  • >=5.1a1,<5.1.1
HIGH 7.5
CVE-2023-36053 59293

Affected versions of Django are vulnerable to a potential ReDoS (regu…

  • >=4.0a1,<4.1.10
  • >=4.2a1,<4.2.3
  • <3.2.20
HIGH 7.5
CVE-2021-31542 40404

Django 2.2.21, 3.1.9 and 3.2.1 include a fix for CVE-2021-31542: Mult…

  • >=3.2a1,<3.2.1
  • <2.2.21
  • >=3.0a1,<3.1.9
HIGH 7.5
CVE-2024-27351 65771

Affected versions of Django are vulnerable to potential regular expre…

  • <3.2.25
  • >=4.0a1,<4.2.11
  • >=5.0a1,<5.0.3
- -
CVE-2024-24680 64976

Affected versions of Django are vulnerable to potential denial-of-ser…

  • <3.2.24
  • >=4.0a1,<4.2.10
  • >=5.0a1,<5.0.2
HIGH 7.5
CVE-2023-46695 62126

Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Pot…

  • <3.2.23
  • >=4.0a1,<4.1.13
  • >=4.2a1,<4.2.7
HIGH 7.5
CVE-2023-43665 61586

Affected versions of Django are vulnerable to Denial-of-Service via d…

  • <3.2.22
  • >=4.0a1,<4.1.12
  • >=4.2a1,<4.2.6
HIGH 7.5
CVE-2023-41164 60956

Affected versions of Django are vulnerable to potential Denial of Ser…

  • <3.2.21
  • >=4.0a1,<4.1.11
  • >=4.2a1,<4.2.5
HIGH 7.5
CVE-2023-31047 55264

Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In D…

  • <3.2.19
  • >=4.0a1,<4.1.9
  • >=4.2a1,<4.2.1
CRITICAL 9.8
CVE-2023-24580 53315

Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Pot…

  • <3.2.18
  • >=4.0a1,<4.0.10
  • >=4.1a1,<4.1.7
HIGH 7.5
CVE-2023-23969 52945

Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In …

  • <3.2.17
  • >=4.0a1,<4.0.9
  • >=4.1a1,<4.1.6
HIGH 7.5
CVE-2022-41323 51340

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, …

  • <3.2.16
  • >=4.0a1,<4.0.8
  • >=4.1a1,<4.1.2
HIGH 7.5
CVE-2021-32052 40414

Django versions 3.2.2, 3.1.10 and 2.2.22 include a fix for CVE-2021-3…

  • >=3.1a1,<3.1.10
  • >=2.2a1,<2.2.22
  • >=3.2a1,<3.2.2
MEDIUM 6.1
CVE-2021-23336 39646

Django versions 2.2.19, 3.0.13 and 3.1.7 include a fix for CVE-2021-2…

  • >=3.0a1,<3.0.13
  • >=3.1a1,<3.1.7
  • <2.2.19
MEDIUM 5.9
CVE-2021-33571 40638

Django 2.2.24, 3.1.12, and 3.2.4 include a fix for CVE-2021-33571: In…

  • >=3.0.0a1,<3.1.12
  • >=3.2.0a1,<3.2.4
  • <2.2.24
HIGH 7.5
CVE-2021-28658 40163

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,…

  • >=2.2a1,<2.2.20
  • >=3.0a1,<3.0.14
  • >=3.1a1,<3.1.8
MEDIUM 5.3
CVE-2022-28346 48041

Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28346: An …

  • <2.2.28
  • >=3.0a1,<3.2.13
  • >=4.0a1,<4.0.4
CRITICAL 9.8
CVE-2022-28347 48040

Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28347: A S…

  • <2.2.28
  • >=3.0a1,<3.2.13
  • >=4.0a1,<4.0.4
CRITICAL 9.8
CVE-2022-22818 44742

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before …

  • <2.2.27
  • >=3.0a1,<3.2.12
  • >=4.0a1,<4.0.2
MEDIUM 6.1
CVE-2022-23833 44741

Django 2.2.27, 3.2.12 and 4.0.2 include a fix for CVE-2022-23833: Den…

  • <2.2.27
  • >=3.0a1,<3.2.12
  • >=4.0a1,<4.0.2
HIGH 7.5
CVE-2021-45116 44427

Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45116: An …

  • <2.2.26
  • >=3.0a1,<3.2.11
  • >=4.0a1,<4.0.1
HIGH 7.5
CVE-2021-45115 44423

Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45115: Use…

  • <2.2.26
  • >=3.0a1,<3.2.11
  • >=4.0a1,<4.0.1
HIGH 7.5
CVE-2021-45452 44426

Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45452: Sto…

  • <2.2.26
  • >=3.0a1,<3.2.11
  • >=4.0a1,<4.0.1
MEDIUM 5.3
CVE-2021-44420 43041

Django versions 2.2.25, 3.1.14 and 3.2.10 include a fix for CVE-2021-…

  • <2.2.25
  • >=3.2a1,<3.2.10
  • >=3.1a1,<3.1.14
HIGH 7.3
CVE-2021-33203 40637

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a…

  • <2.2.24
  • >=3.0a1,<3.1.12
  • >=3.2a1,<3.2.4
MEDIUM 4.9
CVE-2020-24584 38752

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.1…

  • <2.2.16
  • >=3.0a1,<3.0.10
  • >=3.1a1,<3.1.1
HIGH 7.5
CVE-2020-24583 38749

Django 2.2.16, 3.0.10 and 3.1.1 include a fix for CVE-2020-24583: An …

  • <2.2.16
  • >=3.0a1,<3.0.10
  • >=3.1a1,<3.1.1
HIGH 7.5
PVE-2023-60132 60132

Django 1.11.16, 2.0.9 and 2.1.1 include a fix for a Race Condition vu…

  • >=2.1a1,<2.1.1
  • >=2.0a1,<2.0.9
  • <1.11.16
- -
CVE-2021-3281 39521

Django 2.2.18, 3.0.12 and 3.1.6 include a fix for CVE-2021-3281: The …

  • >=2.0a1,<2.2.18
  • >=3.0a1,<3.0.12
  • >=3.1a1,<3.1.6
MEDIUM 5.3
CVE-2019-14232 37326

Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14232: If…

  • >=2.0a1,<2.1.11
  • >=2.2a1,<2.2.4
  • <1.11.23
HIGH 7.5
CVE-2018-7537 35796

Django 2.0.3, 1.8.19 and 1.11.11 include a fix for CVE-2018-7537: An …

  • >=2.0a1,<2.0.3
  • >=1.8a1,<1.8.19
  • >=1.11a1,<1.11.11
MEDIUM 5.3
CVE-2018-7536 35797

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.…

  • >=2.0a1,<2.0.3
  • >=1.8a1,<1.8.19
  • >=1.11a1,<1.11.11
MEDIUM 5.3
CVE-2018-6188 35173

Django 2.0.2 and 1.11.10 include a fix for CVE-2018-6188: django.cont…

  • >=2.0a1,<2.0.2
  • ==1.11.8
  • ==1.11.9
HIGH 7.5
CVE-2019-6975 36884

Django 1.11.19, 2.0.11 and 2.1.6 include a fix for CVE-2019-6975: Unc…

  • >=2.0a1,<2.0.11
  • <1.11.19
  • >=2.1a1,<2.1.6
HIGH 7.5
CVE-2015-2316 25731

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7…

  • >=1.8a1,<1.8c1
  • >=1.7a1,<1.7.7
  • >=1.6a1,<1.6.11
MEDIUM 5.0
CVE-2016-9014 33075

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x be…

  • >=1.8a1,<1.8.16
  • >=1.9a1,<1.9.11
  • >=1.10a1,<1.10.3
HIGH 8.1
CVE-2016-9013 33076

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.…

  • >=1.8a1,<1.8.16
  • >=1.9a1,<1.9.11
  • >=1.10a1,<1.10.3
CRITICAL 9.8
CVE-2016-6186 25721

Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedO…

  • <1.8.14
  • >=1.9a1,<1.9.18
  • >=1.10a1,<1.10rc1
MEDIUM 6.1
CVE-2017-7234 35740

Django versions 1.10.7, 1.9.13 and 1.8.18 include a fix for CVE-2017-…

  • >=1.8.0a1,<1.8.18
  • >=1.9.0a1,<1.9.13
  • >=1.10.0a1,<1.10.7
MEDIUM 6.1
CVE-2015-8213 25714

The get_format function in utils/formats.py in Django before 1.7.x be…

  • <1.7.11
  • >=1.8a1,<1.8.7
  • >=1.9a1,<1.9rc2
MEDIUM 5.0
CVE-2013-1443 25729

The authentication framework (django.contrib.auth) in Django 1.4.x be…

  • >=1.6a1,<1.6b4
  • >=1.4a1,<1.4.8
  • >=1.5a1,<1.5.4
MEDIUM 5.0
CVE-2013-0305 33111

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x bef…

  • >=1.5a1,<1.5.1
  • >=1.4a1,<1.4.4
  • >=1.3a1,<1.3.6
MEDIUM 4.0
CVE-2013-6044 42237

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.…

  • >=1.4a1,<1.4.6
  • >=1.5a1,<1.5.2
  • >=1.6a1,<1.6b2
MEDIUM 4.3
CVE-2015-5963 25727

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before …

  • >=1.4a1,<1.4.22
  • >=1.7a1,<1.7.10
  • >=1.8a1,<1.8.4
MEDIUM 5.0
CVE-2013-4315 35461

Django 1.4.7, 1.5.3 and 1.6.0b3 include a fix for CVE-2013-4315: Dire…

  • <1.4.7
  • >=1.5a1,<1.5.3
  • >=1.6a1,<1.6b3
MEDIUM 5.0
CVE-2015-5144 25726

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.…

  • <1.4.21
  • >=1.8a1,<1.8.3
  • >=1.5a1,<1.7.9
MEDIUM 4.3
CVE-2015-5143 25725

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.…

  • <1.4.21
  • >=1.5a1,<1.7.9
  • >=1.8a1,<1.8.3
HIGH 7.8
CVE-2015-0220 33071

The django.util.http.is_safe_url function in Django before 1.4.18, 1.…

  • <1.4.18
  • >=1.6a1,<1.6.10
  • >=1.7a1,<1.7.3
MEDIUM 4.3
CVE-2015-0221 33072

The django.views.static.serve view in Django before 1.4.18, 1.6.x bef…

  • <1.4.18
  • >=1.6a1,<1.6.10
  • >=1.7a1,<1.7.3
MEDIUM 5.0
CVE-2015-0219 33070

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 all…

  • <1.4.18
  • >=1.6a1,<1.6.10
  • >=1.7a1,<1.7.3
MEDIUM 5.0
CVE-2013-0306 33112

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, an…

  • >=1.3a1,<1.3.6
  • >=1.4a1,<1.4.4
  • >=1.5a1,<1.5.1
MEDIUM 5.0
CVE-2020-9402 38010

Django 1.11.29, 2.2.11 and 3.0.4 includes a fix for CVE-2020-9402: Dj…

  • >=1.11a1,<1.1.29
  • >=2.2a1,<2.2.11
  • >=3.0a1,<3.0.4
HIGH 8.8
CVE-2020-7471 37815

Django 1.11.28, 2.2.10 and 3.0.3 include a fix for CVE-2020-7471: SQL…

  • >=1.11a1,<1.11.28
  • >=2.0a1,<2.2.10
  • >=3.0a1,<3.0.3
CRITICAL 9.8
CVE-2019-19844 37661

Django 1.11.27, 2.2.9 and 3.0.1 include a fix for CVE-2019-19844: Acc…

  • >=1.11a1,<1.11.27
  • >=2.0a1,<2.2.9
  • >=3.0a1,<3.0.1
CRITICAL 9.8
CVE-2019-14233 39593

Django 1.11.23, 2.1.11, and 2.2.4 include a fix for CVE-2019-14233: D…

  • >=1.11a1,<1.11.23
  • >=2.0a1,<2.1.11
  • >=2.2a1,<2.2.4
HIGH 7.5
CVE-2019-14234 39592

Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Du…

  • >=1.11a1,<1.11.23
  • >=2.0a1,<2.1.11
  • >=2.2a1,<2.2.4
CRITICAL 9.8
CVE-2019-14235 39591

Django 1.11.23, 2.1.11 and 2.2.4 includes a fix for CVE-2019-14235: I…

  • >=1.11a1,<1.11.23
  • >=2.0a1,<2.1.11
  • >=2.2a1,<2.2.4
HIGH 7.5
CVE-2019-12781 37261

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1…

  • >=1.11a1,<1.11.22
  • >=2.2a1,<2.2.3
  • >=2.1a1,<2.1.10
MEDIUM 5.3
CVE-2019-12308 37186

Django 1.11.21, 2.1.9 and 2.2.2 include a fix for CVE-2019-12308: The…

  • >=1.11a1,<1.11.21
  • >=2.0a1,<2.1.9
  • >=2.2a1,<2.2.2
MEDIUM 6.1
CVE-2017-7233 33300

Django version 1.10.7, 1.9.13 and 1.8.18 include a fix for CVE-2017-7…

  • >=1.10a1,<1.10.7
  • >=1.9a1,<1.9.13
  • >=1.8a1,<1.8.18
MEDIUM 6.1
CVE-2008-3909 35299

Django 0.91.3, 0.95.4 and 0.96.3 include a fix for CVE-2008-3909: The…

  • <0.91.3
  • >=0.95a1,<0.95.4
  • >=0.96a1,<0.96.3
MEDIUM 5.8
CVE-2008-2302 35291

Cross-site scripting (XSS) vulnerability in the login form in the adm…

  • <0.91.2
  • >=0.95a1,<0.95.3
  • >=0.96a1,<0.96.2
MEDIUM 4.3
CVE-2007-5712 35277

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.…

  • <0.91.1
  • >=0.95a1,<0.95.2
  • >=0.96a1,<0.96.1
LOW 2.6
CVE-2024-41991 72520

Django has a potential denial-of-service vulnerability in django.util…

  • <4.2.15
  • >=5.0a1,<5.0.8
HIGH 7.5
CVE-2024-42005 72521

Affected versions of Django has a potential SQL injection vulnerabili…

  • <4.2.15
  • >=5.0a1,<5.0.8
HIGH 7.3
CVE-2024-41990 72515

Django addresses a memory exhaustion issue in django.utils.numberform…

  • <4.2.15
  • >=5.0a1,<5.0.8
HIGH 7.5
CVE-2024-39329 72109

Affected versions of Django are affected by a username enumeration vu…

  • <4.2.14
  • >=5.0a1,<5.0.7
- -
CVE-2024-39614 72111

Affected versions of Django are potentially vulnerable to denial-of-s…

  • <4.2.14
  • >=5.0a1,<5.0.7
- -
CVE-2024-39330 72110

Affected versions of Django are affected by a directory-traversal vul…

  • <4.2.14
  • >=5.0a1,<5.0.7
- -
CVE-2024-38875 72095

Affected versions of Django are affected by a potential denial-of-ser…

  • <4.2.14
  • >=5.0a1,<5.0.7
- -
CVE-2022-36359 50454

Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue wa…

  • <3.2.15
  • >=4.0a1,<4.0.7
HIGH 8.8
CVE-2022-34265 49733

Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential S…

  • <3.2.14
  • >=4.0a1,<4.0.6
CRITICAL 9.8
CVE-2021-35042 40899

Django versions 3.1.13 and 3.2.5 include a fix for CVE-2021-35042: Dj…

  • >=3.1a1,<3.1.13
  • >=3.2a1,<3.2.5
CRITICAL 9.8
CVE-2020-13254 38373

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.…

  • >=3.0a1,<3.0.7
  • >=2.2a1,<2.2.13
MEDIUM 5.9
CVE-2020-13596 38372

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.…

  • >=3.0a1,<3.0.7
  • >=2.2a1,<2.2.13
MEDIUM 6.1
CVE-2019-19118 37656

Django 2.1.15 and 2.2.8 includes a fix for CVE-2019-19118: A Django m…

  • >=2.1a1,<2.1.15
  • >=2.2a1,<2.2.8
MEDIUM 6.5
CVE-2019-11358 39594

Django versions 2.1.9 and 2.2.2 include a patched bundled jQuery vers…

  • <2.1.9
  • >=2.2a1,<2.2.2
MEDIUM 6.1
CVE-2016-7401 25718

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.…

  • <1.8.15
  • >=1.9a1,<1.9.10
HIGH 7.5
CVE-2016-2513 33074

The password hasher in contrib/auth/hashers.py in Django before 1.8.1…

  • <1.8.10
  • >=1.9a1,<1.9.3
LOW 3.1
CVE-2016-2512 33073

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x…

  • <1.8.10
  • >=1.9a1,<1.9.3
HIGH 7.4
CVE-2015-2241 25715

Cross-site scripting (XSS) vulnerability in the contents function in …

  • <1.7.6
  • >=1.8a1,<1.8b2
MEDIUM 4.3
CVE-2015-0222 25730

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x befo…

  • >=1.6a1,<1.6.10
  • >=1.7a1,<1.7.3
MEDIUM 5.0
CVE-2013-4249 35456

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget w…

  • >=1.5a1,<1.5.2
  • >=1.6a1,<1.6b2
MEDIUM 4.3
CVE-2015-5964 25728

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cach…

  • >=1.4a1,<1.4.22
  • >=1.7a1,<1.7.10
MEDIUM 5.0
CVE-2012-4520 25709

The django.http.HttpRequest.get_host function in Django 1.3.x before …

  • <1.3.4
  • >=1.4a1,<1.4.2
MEDIUM 6.4
CVE-2012-3443 33068

The django.forms.ImageField class in the form system in Django before…

  • <1.3.2
  • >=1.4a1,<1.4.1
MEDIUM 5.0
CVE-2012-3444 33069

The get_image_dimensions function in the image-handling functionality…

  • <1.3.2
  • >=1.4a1,<1.4.1
MEDIUM 5.0
CVE-2012-3442 33067

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResp…

  • <1.3.2
  • >=1.4a1,<1.4.1
MEDIUM 4.3
CVE-2011-4139 35348

Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before…

  • <1.2.7
  • >=1.3a1,<1.3.1
MEDIUM 5.0
CVE-2011-4137 33064

The verify_exists functionality in the URLField implementation in Dja…

  • <1.2.7
  • >=1.3a1,<1.3.1
MEDIUM 5.0
CVE-2011-4136 33063

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1…

  • <1.2.7
  • >=1.3a1,<1.3.1
MEDIUM 5.8
CVE-2011-4140 33066

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throu…

  • <1.2.7
  • >=1.3a1,<1.3.1
MEDIUM 6.8
CVE-2011-4138 33065

The verify_exists functionality in the URLField implementation in Dja…

  • <1.2.7
  • >=1.3a1,<1.3.1
MEDIUM 5.0
CVE-2011-0696 33060

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly va…

  • <1.1.4
  • >=1.2a1,<1.2.5
MEDIUM 6.8
CVE-2011-0698 33062

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.…

  • <1.1.4
  • >=1.2a1,<1.2.5
HIGH 7.5
CVE-2010-4534 33058

The administrative interface in django.contrib.admin in Django before…

  • <1.1.3
  • >=1.2a1,<1.2.4
MEDIUM 4.0
CVE-2010-4535 33059

The password reset functionality in django.contrib.auth in Django bef…

  • <1.1.3
  • >=1.2a1,<1.2.4
MEDIUM 5.0
CVE-2018-14574 36368

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.1…

  • >=1.11a1,<1.11.15
  • >=2.0a1,<2.0.8
MEDIUM 6.1
CVE-2017-12794 34918

Django 1.10.8 and 1.11.5 include a fix for CVE-2017-12794: In Django …

  • <1.10.8
  • >=1.11a1,<1.11.5
MEDIUM 6.1
CVE-2009-2659 25694

The Admin media handler in core/servers/basehttp.py in Django 1.0 and…

  • >=1.0a0,<1.0.3
  • <0.96.4
MEDIUM 5.0
CVE-2009-3695 25695

Algorithmic complexity vulnerability in the forms library in Django 1…

  • <1.0.4
  • >=1.1a1,<1.1.1
MEDIUM 5.0
PVE-2024-99804 66011

Django versions until 1.3.6 and from 1.4 to 1.4.4 are vulnerable to D…

  • >=0,<1.3.6
  • >=1.4,<1.4.4
- -
PVE-2024-99805 66010

Django versions until 1.3.6 and from 1.4 to 1.4.4 can be compromised …

  • >=0,<1.3.6
  • >=1.4,<1.4.4
- -
CVE-2019-3498 36769

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x befor…

  • >=2.1a1,<2.1.5
MEDIUM 6.5
CVE-2018-16984 36522

An issue was discovered in Django 2.1 before 2.1.2, in which unprivil…

  • >=2.1a1,<2.1.2
MEDIUM 4.9
CVE-2016-2048 25735

Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, al…

  • >=1.9a1,<1.9.2
MEDIUM 5.5
CVE-2015-5145 25733

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote at…

  • >=1.8a1,<1.8.3
HIGH 7.8
CVE-2015-3982 25732

The session.flush function in the cached_db backend in Django 1.8.x b…

  • >=1.8a1,<1.8.2
MEDIUM 5.0
PVE-2023-99933 61888

The Django administrative tool, known as django.contrib.admin, presum…

  • >=1.5,<1.5.2
- -
CVE-2010-3082 25701

Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2…

  • <1.2.2
MEDIUM 4.3
CVE-2011-0697 33061

Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4…

  • <1.1.4
MEDIUM 4.3
CVE-2007-0405 61152

The LazyUser class in the AuthenticationMiddleware for Django 0.95 do…

  • <=0.95
MEDIUM 6.5
CVE-2007-0404 61151

bin/compile-messages.py in Django 0.95 does not quote argument string…

  • <=0.95
HIGH 7.5