Known Vulnerabilities for products from Djangoproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Djangoproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33034 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or unders... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-33033 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attack... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-4292 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdm... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-4277 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instan... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-3902 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2023-46695 | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow ... | 7.5 - HIGH | 2023-11-02 | 2023-11-09 |
| CVE-2023-43665 | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() met... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2023-41164 | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a pote... | 7.5 - HIGH | 2023-11-03 | 2023-11-13 |
| CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potentia... | 7.5 - HIGH | 2023-07-03 | 2023-11-15 |
| CVE-2023-31047 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form... | 9.8 - CRITICAL | 2023-05-07 | 2023-11-07 |
| CVE-2023-24580 | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.... | 7.5 - HIGH | 2023-02-15 | 2023-11-07 |
| CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached ... | 7.5 - HIGH | 2023-02-01 | 2023-11-07 |
| CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denia... | 7.5 - HIGH | 2022-10-16 | 2023-11-07 |
| CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vu... | 8.8 - HIGH | 2022-08-03 | 2023-11-07 |
| CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are su... | 9.8 - CRITICAL | 2022-07-04 | 2023-11-07 |
| CVE-2022-28347 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0... | 9.8 - CRITICAL | 2022-04-12 | 2023-11-07 |
| CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(... | 9.8 - CRITICAL | 2022-04-12 | 2023-11-07 |
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing cert... | 7.5 - HIGH | 2022-02-03 | 2023-11-22 |
| CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode th... | 6.1 - MEDIUM | 2022-02-03 | 2023-11-07 |
| CVE-2021-45452 | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filen... | 5.3 - MEDIUM | 2022-01-05 | 2023-11-07 |