PyPi: Django

CVE-2025-26699

Safety vulnerability ID: 75744

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 06, 2025 Updated at Mar 25, 2025

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of Django are vulnerable to a potential denial-of-service in django.utils.text.wrap(). The django.utils.text.wrap() and wordwrap template filter were subject to a potential denial-of-service attack when used with very long strings.

Affected package

django

Latest version: 5.1.7

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Affected versions

Fixed versions

Vulnerability changelog

===========================

*March 6, 2025*

Django 4.2.20 fixes a security issue with severity "moderate" in 4.2.19.

CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
=========================================================================================

The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
potential denial-of-service attack when used with very long strings.

===========================

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26699

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application