Known Vulnerabilities for products from Djangoproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Djangoproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing cert... | 7.5 - HIGH | 2022-02-03 | 2023-11-22 |
| CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode th... | 6.1 - MEDIUM | 2022-02-03 | 2023-11-07 |
| CVE-2021-35042 | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from ... | 9.8 - CRITICAL | 2021-07-02 | 2023-11-07 |
| CVE-2021-33571 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46... | 7.5 - HIGH | 2021-06-08 | 2023-12-07 |
| CVE-2021-33203 | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admind... | 4.9 - MEDIUM | 2021-06-08 | 2023-11-07 |
| CVE-2021-32052 | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit new... | 6.1 - MEDIUM | 2021-05-06 | 2023-11-07 |
| CVE-2021-31542 | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed dir... | 7.5 - HIGH | 2021-05-05 | 2023-12-07 |
| CVE-2021-28658 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploade... | 5.3 - MEDIUM | 2021-04-06 | 2023-11-07 |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 an... | 5.9 - MEDIUM | 2021-02-15 | 2023-11-07 |
| CVE-2021-3281 | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "start... | 5.3 - MEDIUM | 2021-02-02 | 2023-11-07 |
| CVE-2020-35681 | Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The ... | 7.4 - HIGH | 2021-02-22 | 2021-02-26 |
| CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The ... | 7.5 - HIGH | 2020-09-01 | 2023-11-07 |
| CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE... | 7.5 - HIGH | 2020-09-01 | 2023-11-07 |
| CVE-2020-13596 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin Fore... | 6.1 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-13254 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform... | 5.9 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-9402 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a toler... | 8.8 - HIGH | 2020-03-05 | 2023-11-07 |
| CVE-2020-7471 | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a Strin... | 9.8 - CRITICAL | 2020-02-03 | 2023-11-07 |
| CVE-2019-19844 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that... | 9.8 - CRITICAL | 2019-12-18 | 2023-11-07 |
| CVE-2019-19118 | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related... | 6.5 - MEDIUM | 2019-12-02 | 2023-11-07 |
| CVE-2019-14235 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain input... | 7.5 - HIGH | 2019-08-02 | 2023-11-07 |