Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: django Clear
ID Title
CVE-2026-53878 Vulnerability in django (CVE-2026-53878)
vulnerability in django (CVE-2026-53878). Risk of unauthorized operations or information disclosure. Exploitable via ``DomainNameValidator``.
CVE-2026-53877 Vulnerability in django (CVE-2026-53877)
vulnerability in django (CVE-2026-53877). Risk of unauthorized operations or information disclosure. Exploitable via ``django.contrib.gis.gdal.GDALRaster``.
CVE-2026-48588 Vulnerability in django (CVE-2026-48588)
vulnerability in django (CVE-2026-48588). Risk of unauthorized operations or information disclosure. Exploitable via ``UpdateCacheMiddleware``.
CVE-2026-54259 Vulnerability in django (CVE-2026-54259)
vulnerability in django (CVE-2026-54259). Risk of unauthorized operations or information disclosure.
CVE-2026-54260 Vulnerability in django (CVE-2026-54260)
vulnerability in django (CVE-2026-54260). Risk of unauthorized operations or information disclosure.
CVE-2026-54261 Vulnerability in django (CVE-2026-54261)
vulnerability in django (CVE-2026-54261). Confidential information can be exposed externally.
CVE-2026-54262 Vulnerability in django (CVE-2026-54262)
vulnerability in django (CVE-2026-54262). Risk of unauthorized operations or information disclosure.
CVE-2026-54263 Cross-Site Scripting (XSS) in django (CVE-2026-54263)
cross-site scripting in django (CVE-2026-54263). Confidential information can be exposed externally.
CVE-2026-7666 Vulnerability in django (CVE-2026-7666)
vulnerability in django (CVE-2026-7666). Risk of unauthorized operations or information disclosure. Exploitable via ``STARTTLS``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-8404 Vulnerability in django (CVE-2026-8404)
vulnerability in django (CVE-2026-8404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-6873 Vulnerability in django (CVE-2026-6873)
vulnerability in django (CVE-2026-6873). Risk of unauthorized operations or information disclosure. Exploitable via ``django.http.HttpRequest.get_signed_cookie``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-48587 Vulnerability in django (CVE-2026-48587)
vulnerability in django (CVE-2026-48587). Risk of unauthorized operations or information disclosure. Exploitable via ``Vary``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-35193 Vulnerability in django (CVE-2026-35193)
vulnerability in django (CVE-2026-35193). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-42197 Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
CVE-2026-44847 Authentication Bypass in django (CVE-2026-44847)
authentication bypass in django (CVE-2026-44847). Data can be tampered with by attackers. Mitigation: upgrade to `2.9.0` or later.
CVE-2026-40102 Vulnerability in django (CVE-2026-40102)
vulnerability in django (CVE-2026-40102). Confidential information can be exposed externally. Exploitable via `GET /api/workspaces/`.
CVE-2026-42196 Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
CVE-2026-42857 Cross-Site Scripting (XSS) in django (CVE-2026-42857)
cross-site scripting in django (CVE-2026-42857). Risk of unauthorized operations or information disclosure.
CVE-2026-44987 Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
CVE-2026-44200 Vulnerability in wagtail (CVE-2026-44200)
vulnerability in wagtail (CVE-2026-44200). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44201 Vulnerability in wagtail (CVE-2026-44201)
vulnerability in wagtail (CVE-2026-44201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44199 Vulnerability in wagtail (CVE-2026-44199)
vulnerability in wagtail (CVE-2026-44199). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44198 Vulnerability in wagtail (CVE-2026-44198)
vulnerability in wagtail (CVE-2026-44198). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44197 Vulnerability in wagtail (CVE-2026-44197)
vulnerability in wagtail (CVE-2026-44197). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
SUSE-SU-2026:1740-1 Vulnerability in django (SUSE-SU-2026:1740-1)
vulnerability in django (SUSE-SU-2026:1740-1). Risk of unauthorized operations or information disclosure. Exploitable via ``ASGIRequest``.
openSUSE-SU-2026:10718-1 Vulnerability in python-Django (openSUSE-SU-2026:10718-1)
vulnerability in python-Django (openSUSE-SU-2026:10718-1). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.14-1.1` or later.
CVE-2026-41654 Vulnerability in weblate (CVE-2026-41654)
vulnerability in weblate (CVE-2026-41654). Confidential information can be exposed externally. Exploitable via ``project.add``. Mitigation: upgrade to `5.17.1` or later.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-25673 Vulnerability in django (CVE-2026-25673)
vulnerability in django (CVE-2026-25673). Risk of unauthorized operations or information disclosure.
CVE-2026-1312 SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-1287 SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-1207 SQL Injection in django (CVE-2026-1207)
SQL injection in django (CVE-2026-1207). Risk of unauthorized operations or information disclosure. Exploitable via ``RasterField``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2024-11406 Cross-Site Scripting (XSS) in djangocms-attributes-field (CVE-2024-11406)
cross-site scripting in djangocms-attributes-field (CVE-2024-11406). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0` or later.
CVE-2024-11404 Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
CVE-2024-11319 Cross-Site Scripting (XSS) in django-cms (CVE-2024-11319)
cross-site scripting in django-cms (CVE-2024-11319). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.4` or later.
CVE-2017-12794 Cross-Site Scripting (XSS) in django (CVE-2017-12794)
cross-site scripting in django (CVE-2017-12794). Risk of unauthorized operations or information disclosure.
CVE-2015-5081 Cross-Site Request Forgery (CSRF) in django-cms (CVE-2015-5081)
vulnerability in django-cms (CVE-2015-5081). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `f77cbc607d6e2a62e63287d37ad320109a2cc78a, 3.0.14, 3.1.1` or later.
CVE-2017-7234 Open Redirect in django (CVE-2017-7234)
vulnerability in django (CVE-2017-7234). Risk of unauthorized operations or information disclosure.
CVE-2017-7233 Open Redirect in django (CVE-2017-7233)
vulnerability in django (CVE-2017-7233). Risk of unauthorized operations or information disclosure.
CVE-2017-6591 Cross-Site Scripting (XSS) in django (CVE-2017-6591)
cross-site scripting in django (CVE-2017-6591). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →