Django vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2022-36359 | High | Django: Django vulnerable to Reflected File Download attack |
| CVE-2022-34265 | Critical | Django: Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection |
| CVE-2012-3442 | Critical | django: Django Allows Redirect via Data URL |
| CVE-2012-3443 | High | django: Django Image Field Vulnerable to Image Decompression Bombs |
| CVE-2012-3444 | High | Django: Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2012-4520 | High | django: Django Allows Arbitrary URL Generation |
| CVE-2013-1664 | Medium | Django: XML Entity Expansion (XEE) in Django |
| CVE-2013-1665 | Medium | Django: XML External Entity (XXE) in Django |
| CVE-2013-4315 | High | django: Django Directory Traversal via ssi template tag |
| CVE-2013-1443 | High | Django: Django Denial of Service Vulnerability in the authentication framework |
| CVE-2016-2048 | High | django: Django Access Restrictions Bypass |
| CVE-2015-2241 | Medium | django: Django Cross-site Scripting Vulnerability |
| CVE-2015-3982 | Medium | Django: Django allows user sessions hijacking via an empty string in the session key |
| CVE-2015-8213 | Medium | django: Django settings leak in date template filter |
| CVE-2015-0219 | Medium | django: Django WSGI Header Spoofing Vulnerability |
| CVE-2015-0221 | High | django: Django DoS in django.views.static.serve |
| CVE-2015-0222 | High | Django: Django database denial-of-service with ModelMultipleChoiceField |
| CVE-2015-0220 | Medium | django: Django Cross-site Scripting Vulnerability |
| CVE-2015-5964 | Medium | Django: Denial-of-service possibility in logout() view by filling session store |
| CVE-2014-0472 | Critical | Django: Code Injection in Django |
| CVE-2014-0473 | High | django: Django Reuses Cached CSRF Token |
| CVE-2014-0474 | High | django: Django Vulnerable to MySQL Injection |
| CVE-2014-1418 | Critical | Django: Django Vulnerable to Cache Poisoning |
| CVE-2013-4249 | Medium | django: Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget |
| CVE-2016-2512 | Medium | django: Django XSS Vulnerability |
