Known Vulnerabilities for products from Djangoproject
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Djangoproject".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53878 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in... | Not Provided | 2026-07-07 | 2026-07-09 |
| CVE-2026-53877 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its... | Not Provided | 2026-07-07 | 2026-07-09 |
| CVE-2026-48588 json | An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` deco... | Not Provided | 2026-07-07 | 2026-07-09 |
| CVE-2026-48587 json | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django do... | Not Provided | 2026-06-03 | 2026-06-05 |
| CVE-2026-44546 json | daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket hand... | Not Provided | 2026-06-03 | 2026-06-15 |
| CVE-2026-44545 json | daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because A... | Not Provided | 2026-06-03 | 2026-06-15 |
| CVE-2026-35193 json | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in ... | Not Provided | 2026-06-03 | 2026-06-05 |
| CVE-2026-35192 json | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is no... | Not Provided | 2026-05-05 | 2026-05-07 |
| CVE-2026-33034 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or unders... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-33033 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attack... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-25673 json | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls... | Not Provided | 2026-03-03 | 2026-06-30 |
| CVE-2026-8404 json | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in ... | Not Provided | 2026-06-03 | 2026-06-05 |
| CVE-2026-7666 json | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Dj... | Not Provided | 2026-06-03 | 2026-06-05 |
| CVE-2026-6907 json | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneousl... | Not Provided | 2026-05-05 | 2026-05-07 |
| CVE-2026-6873 json | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Djan... | Not Provided | 2026-06-03 | 2026-06-05 |
| CVE-2026-5766 json | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Lengt... | Not Provided | 2026-05-05 | 2026-05-07 |
| CVE-2026-4292 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdm... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-4277 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instan... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-3902 json | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker... | Not Provided | 2026-04-07 | 2026-04-13 |
| CVE-2026-1312 json | An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to S... | Not Provided | 2026-02-03 | 2026-06-30 |