Known Vulnerabilities for Django by Djangoproject
Listed below are 10 of the newest known vulnerabilities associated with "Django" by "Djangoproject".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34406 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for pen... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2026-34231 | Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2026-34203 | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and... | Not Provided | 2026-03-31 | 2026-03-31 |
| CVE-2026-33530 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk d... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-33153 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6... | Not Provided | 2026-03-26 | 2026-03-26 |
| CVE-2026-33152 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6... | Not Provided | 2026-03-26 | 2026-03-26 |
| CVE-2026-33149 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and inclu... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing cert... | 7.5 - HIGH | 2022-02-03 | 2023-11-22 |
| CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode th... | 6.1 - MEDIUM | 2022-02-03 | 2023-11-07 |
| CVE-2021-35042 | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from ... | 9.8 - CRITICAL | 2021-07-02 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Djangoproject | Django | 3.1.8 | All | All | All |
| Application | Djangoproject | Django | 3.1.7 | All | All | All |
| Application | Djangoproject | Django | 3.1.6 | All | All | All |
| Application | Djangoproject | Django | 3.1.5 | All | All | All |
| Application | Djangoproject | Django | 3.1.4 | All | All | All |
| Application | Djangoproject | Django | 3.1.3 | All | All | All |
| Application | Djangoproject | Django | 3.1.2 | All | All | All |
| Application | Djangoproject | Django | 3.1.1 | All | All | All |
| Application | Djangoproject | Django | 3.1 | All | All | All |
| Application | Djangoproject | Django | 3.0.9 | All | All | All |
| Application | Djangoproject | Django | 3.0.8 | All | All | All |
| Application | Djangoproject | Django | 3.0.7 | All | All | All |
| Application | Djangoproject | Django | 3.0.4 | All | All | All |
| Application | Djangoproject | Django | 3.0.3 | All | All | All |
| Application | Djangoproject | Django | 3.0.2 | All | All | All |
| Application | Djangoproject | Django | 3.0.12 | All | All | All |
| Application | Djangoproject | Django | 3.0.11 | All | All | All |
| Application | Djangoproject | Django | 3.0.10 | All | All | All |
| Application | Djangoproject | Django | 3.0.1 | All | All | All |
| Application | Djangoproject | Django | 3.0 | All | All | All |