Latest version: v5.0.4
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2014-0474 | 35512 |
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFi… |
|
HIGH | 10.0 |
| CVE-2014-3730 | 35569 |
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13… |
|
MEDIUM | 4.3 |
| CVE-2015-2317 | 25713 |
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1… |
|
MEDIUM | 4.3 |
| CVE-2014-0483 | 35516 |
The administrative interface (contrib.admin) in Django before 1.4.14,… |
|
LOW | 3.5 |
| CVE-2014-0480 | 35513 |
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x… |
|
MEDIUM | 5.8 |
| CVE-2014-0482 | 35515 |
Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-048… |
|
MEDIUM | 6.0 |
| CVE-2014-0481 | 35514 |
Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-048… |
|
MEDIUM | 4.3 |
| CVE-2014-1418 | 35519 |
Django 1.4.13, 1.5.8, 1.6.5 and 1.7b4 include a fix for CVE-2014-1418… |
|
MEDIUM | 6.4 |
| CVE-2014-0473 | 35511 |
Django 1.4.11, 1.5.6, 1.6.3 and 1.7b2 include a fix for CVE-2014-0473… |
|
MEDIUM | 5.0 |
| CVE-2014-0472 | 35510 |
Django 1.4.11, 1.5.6, 1.6.3 and 1.7b2 include a fix for CVE-2014-0472… |
|
MEDIUM | 5.1 |
| CVE-2023-36053 | 59293 |
Affected versions of Django are vulnerable to a potential ReDoS (regu… |
|
HIGH | 7.5 |
| CVE-2021-31542 | 40404 |
Django 2.2.21, 3.1.9 and 3.2.1 include a fix for CVE-2021-31542: Mult… |
|
HIGH | 7.5 |
| CVE-2024-27351 | 65771 |
Affected versions of Django are vulnerable to potential regular expre… |
|
- | - |
| CVE-2024-24680 | 64976 |
Affected versions of Django are vulnerable to potential denial-of-ser… |
|
HIGH | 7.5 |
| CVE-2023-46695 | 62126 |
Django 4.2.7, 4.1.13 and 3.2.23 include a fix for CVE-2023-46695: Pot… |
|
HIGH | 7.5 |
| CVE-2023-43665 | 61586 |
Affected versions of Django are vulnerable to Denial-of-Service via d… |
|
HIGH | 7.5 |
| CVE-2023-41164 | 60956 |
Affected versions of Django are vulnerable to potential Denial of Ser… |
|
HIGH | 7.5 |
| CVE-2023-31047 | 55264 |
Django 4.2.1, 4.1.9 and 3.2.19 include a fix for CVE-2023-31047: In D… |
|
CRITICAL | 9.8 |
| CVE-2023-24580 | 53315 |
Django 4.1.7, 4.0.10 and 3.2.18 include a fix for CVE-2023-24580: Pot… |
|
HIGH | 7.5 |
| CVE-2023-23969 | 52945 |
Django 3.2.17, 4.0.9 and 4.1.6 includes a fix for CVE-2023-23969: In … |
|
HIGH | 7.5 |
| CVE-2022-41323 | 51340 |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, … |
|
HIGH | 7.5 |
| CVE-2021-32052 | 40414 |
Django versions 3.2.2, 3.1.10 and 2.2.22 include a fix for CVE-2021-3… |
|
MEDIUM | 6.1 |
| CVE-2021-23336 | 39646 |
Django versions 2.2.19, 3.0.13 and 3.1.7 include a fix for CVE-2021-2… |
|
MEDIUM | 5.9 |
| CVE-2021-33571 | 40638 |
Django 2.2.24, 3.1.12, and 3.2.4 include a fix for CVE-2021-33571: In… |
|
HIGH | 7.5 |
| CVE-2021-28658 | 40163 |
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,… |
|
MEDIUM | 5.3 |
| CVE-2022-28347 | 48040 |
Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28347: A S… |
|
CRITICAL | 9.8 |
| CVE-2022-28346 | 48041 |
Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28346: An … |
|
CRITICAL | 9.8 |
| CVE-2022-22818 | 44742 |
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before … |
|
MEDIUM | 6.1 |
| CVE-2022-23833 | 44741 |
Django 2.2.27, 3.2.12 and 4.0.2 include a fix for CVE-2022-23833: Den… |
|
HIGH | 7.5 |
| CVE-2021-45116 | 44427 |
Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45116: An … |
|
HIGH | 7.5 |
| CVE-2021-45115 | 44423 |
Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45115: Use… |
|
HIGH | 7.5 |
| CVE-2021-45452 | 44426 |
Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45452: Sto… |
|
MEDIUM | 5.3 |
| CVE-2021-44420 | 43041 |
Django versions 2.2.25, 3.1.14 and 3.2.10 include a fix for CVE-2021-… |
|
HIGH | 7.3 |
| CVE-2021-33203 | 40637 |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a… |
|
MEDIUM | 4.9 |
| CVE-2020-24584 | 38752 |
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.1… |
|
HIGH | 7.5 |
| CVE-2020-24583 | 38749 |
Django 2.2.16, 3.0.10 and 3.1.1 include a fix for CVE-2020-24583: An … |
|
HIGH | 7.5 |
| PVE-2023-60132 | 60132 |
Django 1.11.16, 2.0.9 and 2.1.1 include a fix for a Race Condition vu… |
|
- | - |
| CVE-2021-3281 | 39521 |
Django 2.2.18, 3.0.12 and 3.1.6 include a fix for CVE-2021-3281: The … |
|
MEDIUM | 5.3 |
| CVE-2018-7537 | 35796 |
Django 2.0.3, 1.8.19 and 1.11.11 include a fix for CVE-2018-7537: An … |
|
MEDIUM | 5.3 |
| CVE-2018-7536 | 35797 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.… |
|
MEDIUM | 5.3 |
| CVE-2018-6188 | 35173 |
Django 2.0.2 and 1.11.10 include a fix for CVE-2018-6188: django.cont… |
|
HIGH | 7.5 |
| CVE-2019-6975 | 36884 |
Django 1.11.19, 2.0.11 and 2.1.6 include a fix for CVE-2019-6975: Unc… |
|
HIGH | 7.5 |
| CVE-2015-2316 | 25731 |
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7… |
|
MEDIUM | 5.0 |
| CVE-2016-9014 | 33075 |
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x be… |
|
HIGH | 8.1 |
| CVE-2016-9013 | 33076 |
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.… |
|
CRITICAL | 9.8 |
| CVE-2016-6186 | 25721 |
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedO… |
|
MEDIUM | 6.1 |
| CVE-2017-7234 | 35740 |
Django versions 1.10.7, 1.9.13 and 1.8.18 include a fix for CVE-2017-… |
|
MEDIUM | 6.1 |
| CVE-2015-8213 | 25714 |
The get_format function in utils/formats.py in Django before 1.7.x be… |
|
MEDIUM | 5.0 |
| CVE-2013-1443 | 25729 |
The authentication framework (django.contrib.auth) in Django 1.4.x be… |
|
MEDIUM | 5.0 |
| CVE-2013-0305 | 33111 |
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x bef… |
|
MEDIUM | 4.0 |
| CVE-2013-6044 | 42237 |
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.… |
|
MEDIUM | 4.3 |
| CVE-2015-5963 | 25727 |
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before … |
|
MEDIUM | 5.0 |
| CVE-2013-4315 | 35461 |
Django 1.4.7, 1.5.3 and 1.6.0b3 include a fix for CVE-2013-4315: Dire… |
|
MEDIUM | 5.0 |
| CVE-2015-5144 | 25726 |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.… |
|
MEDIUM | 4.3 |
| CVE-2015-5143 | 25725 |
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.… |
|
HIGH | 7.8 |
| CVE-2015-0221 | 33072 |
The django.views.static.serve view in Django before 1.4.18, 1.6.x bef… |
|
MEDIUM | 5.0 |
| CVE-2015-0220 | 33071 |
The django.util.http.is_safe_url function in Django before 1.4.18, 1.… |
|
MEDIUM | 4.3 |
| CVE-2015-0219 | 33070 |
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 all… |
|
MEDIUM | 5.0 |
| CVE-2013-0306 | 33112 |
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, an… |
|
MEDIUM | 5.0 |
| CVE-2020-9402 | 38010 |
Django 1.11.29, 2.2.11 and 3.0.4 includes a fix for CVE-2020-9402: Dj… |
|
HIGH | 8.8 |
| CVE-2020-7471 | 37815 |
Django 1.11.28, 2.2.10 and 3.0.3 include a fix for CVE-2020-7471: SQL… |
|
CRITICAL | 9.8 |
| CVE-2019-19844 | 37661 |
Django 1.11.27, 2.2.9 and 3.0.1 include a fix for CVE-2019-19844: Acc… |
|
CRITICAL | 9.8 |
| CVE-2019-14234 | 39592 |
Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Du… |
|
CRITICAL | 9.8 |
| CVE-2019-14232 | 37326 |
Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14232: If… |
|
HIGH | 7.5 |
| CVE-2019-14235 | 39591 |
Django 1.11.23, 2.1.11 and 2.2.4 includes a fix for CVE-2019-14235: I… |
|
HIGH | 7.5 |
| CVE-2019-14233 | 39593 |
Django 1.11.23, 2.1.11, and 2.2.4 include a fix for CVE-2019-14233: D… |
|
HIGH | 7.5 |
| CVE-2019-12781 | 37261 |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1… |
|
MEDIUM | 5.3 |
| CVE-2019-12308 | 37186 |
Django 1.11.21, 2.1.9 and 2.2.2 include a fix for CVE-2019-12308: The… |
|
MEDIUM | 6.1 |
| CVE-2017-7233 | 33300 |
Django version 1.10.7, 1.9.13 and 1.8.18 include a fix for CVE-2017-7… |
|
MEDIUM | 6.1 |
| CVE-2008-3909 | 35299 |
Django 0.91.3, 0.95.4 and 0.96.3 include a fix for CVE-2008-3909: The… |
|
MEDIUM | 5.8 |
| CVE-2008-2302 | 35291 |
Cross-site scripting (XSS) vulnerability in the login form in the adm… |
|
MEDIUM | 4.3 |
| CVE-2007-5712 | 35277 |
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.… |
|
LOW | 2.6 |
| CVE-2022-36359 | 50454 |
Django 3.2.15 and 4.0.7 include a fix for CVE-2022-36359: An issue wa… |
|
HIGH | 8.8 |
| CVE-2022-34265 | 49733 |
Django 3.2.14 and 4.0.6 include a fix for CVE-2022-34265: Potential S… |
|
CRITICAL | 9.8 |
| CVE-2021-35042 | 40899 |
Django versions 3.1.13 and 3.2.5 include a fix for CVE-2021-35042: Dj… |
|
CRITICAL | 9.8 |
| CVE-2020-13254 | 38373 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.… |
|
MEDIUM | 5.9 |
| CVE-2020-13596 | 38372 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.… |
|
MEDIUM | 6.1 |
| CVE-2019-19118 | 37656 |
Django 2.1.15 and 2.2.8 includes a fix for CVE-2019-19118: A Django m… |
|
MEDIUM | 6.5 |
| CVE-2019-11358 | 39594 |
Django versions 2.1.9 and 2.2.2 include a patched bundled jQuery vers… |
|
MEDIUM | 6.1 |
| CVE-2016-7401 | 25718 |
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.… |
|
HIGH | 7.5 |
| CVE-2016-2513 | 33074 |
The password hasher in contrib/auth/hashers.py in Django before 1.8.1… |
|
LOW | 3.1 |
| CVE-2016-2512 | 33073 |
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x… |
|
HIGH | 7.4 |
| CVE-2015-2241 | 25715 |
Cross-site scripting (XSS) vulnerability in the contents function in … |
|
MEDIUM | 4.3 |
| CVE-2015-0222 | 25730 |
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x befo… |
|
MEDIUM | 5.0 |
| CVE-2013-4249 | 35456 |
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget w… |
|
MEDIUM | 4.3 |
| CVE-2015-5964 | 25728 |
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cach… |
|
MEDIUM | 5.0 |
| CVE-2012-4520 | 25709 |
The django.http.HttpRequest.get_host function in Django 1.3.x before … |
|
MEDIUM | 6.4 |
| CVE-2012-3444 | 33069 |
The get_image_dimensions function in the image-handling functionality… |
|
MEDIUM | 5.0 |
| CVE-2012-3443 | 33068 |
The django.forms.ImageField class in the form system in Django before… |
|
MEDIUM | 5.0 |
| CVE-2012-3442 | 33067 |
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResp… |
|
MEDIUM | 4.3 |
| CVE-2011-4139 | 35348 |
Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before… |
|
MEDIUM | 5.0 |
| CVE-2011-4138 | 33065 |
The verify_exists functionality in the URLField implementation in Dja… |
|
MEDIUM | 5.0 |
| CVE-2011-4136 | 33063 |
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1… |
|
MEDIUM | 5.8 |
| CVE-2011-4140 | 33066 |
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throu… |
|
MEDIUM | 6.8 |
| CVE-2011-4137 | 33064 |
The verify_exists functionality in the URLField implementation in Dja… |
|
MEDIUM | 5.0 |
| CVE-2011-0698 | 33062 |
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.… |
|
HIGH | 7.5 |
| CVE-2011-0696 | 33060 |
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly va… |
|
MEDIUM | 6.8 |
| CVE-2010-4534 | 33058 |
The administrative interface in django.contrib.admin in Django before… |
|
MEDIUM | 4.0 |
| CVE-2010-4535 | 33059 |
The password reset functionality in django.contrib.auth in Django bef… |
|
MEDIUM | 5.0 |
| CVE-2018-14574 | 36368 |
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.1… |
|
MEDIUM | 6.1 |
| CVE-2017-12794 | 34918 |
Django 1.10.8 and 1.11.5 include a fix for CVE-2017-12794: In Django … |
|
MEDIUM | 6.1 |
| CVE-2009-2659 | 25694 |
The Admin media handler in core/servers/basehttp.py in Django 1.0 and… |
|
MEDIUM | 5.0 |
| CVE-2009-3695 | 25695 |
Algorithmic complexity vulnerability in the forms library in Django 1… |
|
MEDIUM | 5.0 |
| PVE-2024-99804 | 66011 |
Django versions until 1.3.6 and from 1.4 to 1.4.4 are vulnerable to D… |
|
- | - |
| PVE-2024-99805 | 66010 |
Django versions until 1.3.6 and from 1.4 to 1.4.4 can be compromised … |
|
- | - |
| CVE-2019-3498 | 36769 |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x befor… |
|
MEDIUM | 6.5 |
| CVE-2018-16984 | 36522 |
An issue was discovered in Django 2.1 before 2.1.2, in which unprivil… |
|
MEDIUM | 4.9 |
| CVE-2016-2048 | 25735 |
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, al… |
|
MEDIUM | 5.5 |
| CVE-2015-5145 | 25733 |
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote at… |
|
HIGH | 7.8 |
| CVE-2015-3982 | 25732 |
The session.flush function in the cached_db backend in Django 1.8.x b… |
|
MEDIUM | 5.0 |
| PVE-2023-99933 | 61888 |
The Django administrative tool, known as django.contrib.admin, presum… |
|
- | - |
| CVE-2010-3082 | 25701 |
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2… |
|
MEDIUM | 4.3 |
| CVE-2011-0697 | 33061 |
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4… |
|
MEDIUM | 4.3 |
| CVE-2007-0404 | 61151 |
bin/compile-messages.py in Django 0.95 does not quote argument string… |
|
HIGH | 7.5 |
| CVE-2007-0405 | 61152 |
The LazyUser class in the AuthenticationMiddleware for Django 0.95 do… |
|
MEDIUM | 6.5 |