Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53878 |
|
Vulnerability in django (CVE-2026-53878)
vulnerability in django (CVE-2026-53878). Risk of unauthorized operations or information disclosure. Exploitable via ``DomainNameValidator``.
|
| CVE-2026-53877 |
|
Vulnerability in django (CVE-2026-53877)
vulnerability in django (CVE-2026-53877). Risk of unauthorized operations or information disclosure. Exploitable via ``django.contrib.gis.gdal.GDALRaster``.
|
| CVE-2026-48588 |
|
Vulnerability in django (CVE-2026-48588)
vulnerability in django (CVE-2026-48588). Risk of unauthorized operations or information disclosure. Exploitable via ``UpdateCacheMiddleware``.
|
| CVE-2026-54259 |
|
Vulnerability in django (CVE-2026-54259)
vulnerability in django (CVE-2026-54259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54260 |
|
Vulnerability in django (CVE-2026-54260)
vulnerability in django (CVE-2026-54260). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54261 |
|
Vulnerability in django (CVE-2026-54261)
vulnerability in django (CVE-2026-54261). Confidential information can be exposed externally.
|
| CVE-2026-54262 |
|
Vulnerability in django (CVE-2026-54262)
vulnerability in django (CVE-2026-54262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54263 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-54263)
cross-site scripting in django (CVE-2026-54263). Confidential information can be exposed externally.
|
| CVE-2026-7666 |
|
Vulnerability in django (CVE-2026-7666)
vulnerability in django (CVE-2026-7666). Risk of unauthorized operations or information disclosure. Exploitable via ``STARTTLS``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-8404 |
|
Vulnerability in django (CVE-2026-8404)
vulnerability in django (CVE-2026-8404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-6873 |
|
Vulnerability in django (CVE-2026-6873)
vulnerability in django (CVE-2026-6873). Risk of unauthorized operations or information disclosure. Exploitable via ``django.http.HttpRequest.get_signed_cookie``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-48587 |
|
Vulnerability in django (CVE-2026-48587)
vulnerability in django (CVE-2026-48587). Risk of unauthorized operations or information disclosure. Exploitable via ``Vary``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-35193 |
|
Vulnerability in django (CVE-2026-35193)
vulnerability in django (CVE-2026-35193). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-42197 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
|
| CVE-2026-44847 |
|
Authentication Bypass in django (CVE-2026-44847)
authentication bypass in django (CVE-2026-44847). Data can be tampered with by attackers. Mitigation: upgrade to `2.9.0` or later.
|
| CVE-2026-40102 |
|
Vulnerability in django (CVE-2026-40102)
vulnerability in django (CVE-2026-40102). Confidential information can be exposed externally. Exploitable via `GET /api/workspaces/`.
|
| CVE-2026-42196 |
|
Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
|
| CVE-2026-42857 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42857)
cross-site scripting in django (CVE-2026-42857). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44987 |
|
Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44200 |
|
Vulnerability in wagtail (CVE-2026-44200)
vulnerability in wagtail (CVE-2026-44200). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44201 |
|
Vulnerability in wagtail (CVE-2026-44201)
vulnerability in wagtail (CVE-2026-44201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44199 |
|
Vulnerability in wagtail (CVE-2026-44199)
vulnerability in wagtail (CVE-2026-44199). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44198 |
|
Vulnerability in wagtail (CVE-2026-44198)
vulnerability in wagtail (CVE-2026-44198). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44197 |
|
Vulnerability in wagtail (CVE-2026-44197)
vulnerability in wagtail (CVE-2026-44197). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| SUSE-SU-2026:1740-1 |
|
Vulnerability in django (SUSE-SU-2026:1740-1)
vulnerability in django (SUSE-SU-2026:1740-1). Risk of unauthorized operations or information disclosure. Exploitable via ``ASGIRequest``.
|
| openSUSE-SU-2026:10718-1 |
|
Vulnerability in python-Django (openSUSE-SU-2026:10718-1)
vulnerability in python-Django (openSUSE-SU-2026:10718-1). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.14-1.1` or later.
|
| CVE-2026-41654 |
|
Vulnerability in weblate (CVE-2026-41654)
vulnerability in weblate (CVE-2026-41654). Confidential information can be exposed externally. Exploitable via ``project.add``. Mitigation: upgrade to `5.17.1` or later.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-25673 |
|
Vulnerability in django (CVE-2026-25673)
vulnerability in django (CVE-2026-25673). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1312 |
|
SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1287 |
|
SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1207 |
|
SQL Injection in django (CVE-2026-1207)
SQL injection in django (CVE-2026-1207). Risk of unauthorized operations or information disclosure. Exploitable via ``RasterField``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2024-11406 |
|
Cross-Site Scripting (XSS) in djangocms-attributes-field (CVE-2024-11406)
cross-site scripting in djangocms-attributes-field (CVE-2024-11406). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0` or later.
|
| CVE-2024-11404 |
|
Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
|
| CVE-2024-11319 |
|
Cross-Site Scripting (XSS) in django-cms (CVE-2024-11319)
cross-site scripting in django-cms (CVE-2024-11319). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2017-12794 |
|
Cross-Site Scripting (XSS) in django (CVE-2017-12794)
cross-site scripting in django (CVE-2017-12794). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5081 |
|
Cross-Site Request Forgery (CSRF) in django-cms (CVE-2015-5081)
vulnerability in django-cms (CVE-2015-5081). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `f77cbc607d6e2a62e63287d37ad320109a2cc78a, 3.0.14, 3.1.1` or later.
|
| CVE-2017-7234 |
|
Open Redirect in django (CVE-2017-7234)
vulnerability in django (CVE-2017-7234). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7233 |
|
Open Redirect in django (CVE-2017-7233)
vulnerability in django (CVE-2017-7233). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6591 |
|
Cross-Site Scripting (XSS) in django (CVE-2017-6591)
cross-site scripting in django (CVE-2017-6591). Risk of unauthorized operations or information disclosure.
|