| Severity | CVSS score | Advisory | Affected versions |
| --- | --- | --- | --- |
| CRITICAL | 9.8 | CVE-2026-4277: Django vulnerable to privilege abuse in GenericInlineModelAdmin | >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4 |
| CRITICAL | 9.8 | CVE-2024-53908: Django SQL injection in HasKey(lhs, rhs) on Oracle | >= 4.2.0, < 4.2.17, >= 5.0.0, < 5.1.4 |
| CRITICAL | 9.8 | python-django - security update | >= 3.2.0, < 3.2.19, >= 4.0.0, < 4.1.9; >= 4.2.0, <= 4.2.0 |
| CRITICAL | 9.8 | Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection | >= 3.2.0, < 3.2.14, >= 4.0.0, < 4.0.6 |
| CRITICAL | 9.8 | SQL Injection in Django | >= 2.2.0, < 2.2.28, >= 3.2.0, < 3.2.13, >= 4.0.0, < 4.0.4 |
| CRITICAL | 9.8 | python-django - security update | >= 2.2.0, < 2.2.28, >= 3.2.0, < 3.2.13, >= 4.0.0, < 4.0.4 |
| CRITICAL | 9.8 | SQL Injection in Django | >= 3.1.0, < 3.1.13, >= 3.2.0, < 3.2.5 |
| CRITICAL | 9.8 | python-django - security update | >= 1.11.0, < 1.11.28, >= 2.2.0, < 2.2.10, >= 3.0.0, < 3.0.3 |
| CRITICAL | 9.1 | python-django - security update | >= 4.2.0, < 4.2.26, >= 5.1.0, < 5.1.14, >= 5.2.0, < 5.2.8 |
| CRITICAL | 9.1 | Django SQL injection vulnerability | >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8 |
| HIGH | 8.8 | Django vulnerable to Reflected File Download attack | >= 3.2.0, < 3.2.15, >= 4.0.0, < 4.0.7 |
| HIGH | 8.8 | python-django - security update | >= 1.11.0, < 1.11.29, >= 2.2.0, < 2.2.11, >= 3.0.0, < 3.0.4 |
| HIGH | 7.5 | Django vulnerable to ASGI header spoofing via underscore/hyphen conflation | >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4 |
| HIGH | 7.5 | Django: ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit | >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4 |
| HIGH | 7.5 | Django vulnerable to Uncontrolled Resource Consumption | >= 4.2.0, < 4.2.29, >= 5.2.0, < 5.2.12, >= 6.0.0, < 6.0.3 |
| HIGH | 7.5 | Django has Inefficient Algorithmic Complexity | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| HIGH | 7.5 | Django has Inefficient Algorithmic Complexity | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| HIGH | 7.5 | Django is vulnerable to DoS via XML serializer text extraction | >= 4.2.0, < 4.2.27, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.9 |
| HIGH | 7.5 | Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows | >= 4.2.0, < 4.2.26, >= 5.1.0, < 5.1.14, >= 5.2.0, < 5.2.8 |
| HIGH | 7.5 | python-django - security update | >= 4.2.0, < 4.2.17, >= 5.0.0, < 5.1.4 |
| HIGH | 7.5 | Django vulnerable to Denial of Service | >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7 |
| HIGH | 7.5 | Django Path Traversal vulnerability | >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7 |
| HIGH | 7.5 | Django vulnerable to Denial of Service | >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7 |
| HIGH | 7.5 | Django potential denial of service vulnerability in UsernameField on Windows | >= 3.2.0, < 3.2.23, >= 4.1.0, < 4.1.13, >= 4.2.0, < 4.2.7 |
| HIGH | 7.5 | python-django - security update | >= 3.2.0, < 3.2.20, >= 4.0.0, < 4.1.10, >= 4.2.0, < 4.2.3 |
| HIGH | 7.5 | python-django - security update | >= 3.2.0, < 3.2.18, >= 4.0.0, < 4.0.10, >= 4.1.0, < 4.1.7 |
| HIGH | 7.5 | python-django - security update | >= 3.2.0, < 3.2.17, >= 4.0.0, < 4.0.9, >= 4.1.0, < 4.1.6 |
| HIGH | 7.5 | Django denial-of-service vulnerability in internationalized URLs | >= 3.2.0, < 3.2.16, >= 4.0.0, < 4.0.8, >= 4.1.0, < 4.1.2 |
| HIGH | 7.5 | Infinite Loop in Django | >= 2.2.0, < 2.2.27, >= 3.2.0, < 3.2.12, >= 4.0.0, < 4.0.2 |
| HIGH | 7.5 | Information disclosure in Django | >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1 |
| HIGH | 7.5 | python-django - security update | >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1 |
| HIGH | 7.5 | Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks | >= 2.2.0, < 2.2.24, >= 3.0.0, < 3.1.12, >= 3.2.0, < 3.2.4 |
| HIGH | 7.5 | python-django - security update | >= 2.2.0, < 2.2.21, >= 3.1.0, < 3.1.9, >= 3.2.0, < 3.2.1 |
| HIGH | 7.5 | python-django - security update | >= 2.2.0, < 2.2.16, >= 3.0.0, < 3.0.10, >= 3.1.0, < 3.1.1 |
| HIGH | 7.5 | Django Incorrect Default Permissions | >= 2.2.0, < 2.2.16, >= 3.0.0, < 3.0.10, >= 3.1.0, < 3.1.1 |
| HIGH | 7.3 | Potential bypass of an upstream access control based on URL paths in Django | >= 2.2.0, < 2.2.25, >= 3.1.0, < 3.1.14, >= 3.2.0, < 3.2.10 |
| HIGH | 7.1 | python-django - security update | >= 4.2.0, < 4.2.25, >= 5.1.0, < 5.1.13, >= 5.2.0, < 5.2.7 |
| HIGH | 7.1 | python-django - security update | >= 4.2.0, < 4.2.24, >= 5.1.0, < 5.1.12, >= 5.2.0, < 5.2.6 |
| MEDIUM | 6.5 | Django Uses Persistent Cookies Containing Sensitive Information | >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5 |
| MEDIUM | 6.5 | Django has potential DoS via MultiPartParser through crafted multipart uploads | >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4 |
| MEDIUM | 6.1 | python-django - security update | >= 2.2.0, < 2.2.27, >= 3.2.0, < 3.2.12, >= 4.0.0, < 4.0.2 |
| MEDIUM | 6.1 | Header injection possible in Django | >= 2.2.0, < 2.2.22, >= 3.1.0, < 3.1.10, >= 3.2.0, < 3.2.2 |
| MEDIUM | 6.1 | XSS in Django | >= 2.2.0, < 2.2.13, >= 3.0.0, < 3.0.7 |
| MEDIUM | 5.9 | Django denial-of-service attack in the intcomma template filter | >= 3.2.0, < 3.2.24, >= 4.2.0, < 4.2.10, >= 5.0.0, < 5.0.2 |
| MEDIUM | 5.9 | Django Denial-of-service in django.utils.text.Truncator | >= 3.2.0, < 3.2.22, >= 4.1.0, < 4.1.12, >= 4.2.0, < 4.2.6 |
| MEDIUM | 5.9 | python2.7 - security update | >= 2.2.0, < 2.2.19, >= 3.0.0, < 3.0.13, >= 3.1.0, < 3.1.7 |
| MEDIUM | 5.9 | python-django - security update | >= 2.2.0, < 2.2.13, >= 3.0.0, < 3.0.7 |
| MEDIUM | 5.8 | Django Potential Denial of Service (DoS) on Windows | >= 5.0.0, < 5.0.14, >= 5.1.0, < 5.1.8 |
| MEDIUM | 5.8 | python-django - security update | >= 4.2.0, < 5.1.5 |
| MEDIUM | 5.4 | Django has an SQL Injection issue | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| MEDIUM | 5.4 | Django has an SQL Injection issue | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| MEDIUM | 5.4 | Django has an SQL Injection issue | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| MEDIUM | 5.3 | Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware | >= 5.2.0, < 5.2.15, >= 6.0.0, < 6.0.6 |
| MEDIUM | 5.3 | Potential exposure of private data via whitespace padding in Vary header | >= 5.2.0, < 5.2.15, >= 6.0.0, < 6.0.6 |
| MEDIUM | 5.3 | Django has an Improper Handling of Length Parameter Inconsistency | >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5 |
| MEDIUM | 5.3 | python-django - security update | >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2 |
| MEDIUM | 5.3 | Django has a denial-of-service possibility in strip_tags() | >= 4.2.0, < 4.2.21, >= 5.1.0, < 5.1.9, >= 5.2.0, < 5.2.5 |
| MEDIUM | 5.3 | Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters | >= 4.2.0, < 4.2.16, >= 5.0.0, < 5.0.9, >= 5.1.0, < 5.2.5 |
| MEDIUM | 5.3 | Django vulnerable to a denial-of-service attack | >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8 |
| MEDIUM | 5.3 | Django vulnerable to denial-of-service attack | >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8 |
| MEDIUM | 5.3 | Django memory consumption vulnerability | >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8 |
| MEDIUM | 5.3 | python-django - security update | >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7 |
| MEDIUM | 5.3 | Regular expression denial-of-service in Django | >= 3.2.0, < 3.2.25, >= 4.2.0, < 4.2.11, >= 5.0.0, < 5.0.3 |
| MEDIUM | 5.3 | python-django - security update | >= 3.2.0, < 3.2.21, >= 4.1.0, < 4.1.11, >= 4.2.0, < 4.2.5 |
| MEDIUM | 5.3 | python-django - security update | >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1 |
| MEDIUM | 5.3 | python-django - security update | >= 2.2.0, < 2.2.20, >= 3.0.0, < 3.0.14, >= 3.1.0, < 3.1.8 |
| MEDIUM | 5.3 | python-django - security update | >= 2.2.0, < 2.2.18, >= 3.0.0, < 3.0.12, >= 3.1.0, < 3.1.6 |
| MEDIUM | 5.0 | python-django - security update | >= 4.2.0, < 5.1.7 |
| MEDIUM | 4.9 | python-django - security update | from 0, < 2.2.24, >= 3.0.0, < 3.1.12, >= 3.2.0, < 3.2.4 |
| MEDIUM | 4.3 | Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie | >= 5.2.0, < 5.2.15, >= 6.0.0, < 6.0.6 |
| MEDIUM | 4.3 | Django Uses Cache Containing Sensitive Information | >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5 |
| MEDIUM | 4.3 | python-django - security update | >= 4.2.0, < 4.2.27, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.9 |
| MEDIUM | 4.0 | Django Improper Output Neutralization for Logs vulnerability | >= 4.2.0, < 4.2.23, >= 5.1.0, < 5.1.11, >= 5.2.0, < 5.2.3 |
| LOW | 3.7 | Django has a Race Condition vulnerability | >= 4.2.0, < 4.2.29, >= 5.2.0, < 5.2.12, >= 6.0.0, < 6.0.3 |
| LOW | 3.7 | Django allows enumeration of user e-mail addresses | >= 4.2.0, < 4.2.16, >= 5.0.0, < 5.0.9, >= 5.1.0, < 5.2.5 |
| LOW | 3.1 | Django vulnerable to partial directory traversal via archives | >= 4.2.0, < 4.2.25, >= 5.1.0, < 5.1.13, >= 5.2.0, < 5.2.7 |
| LOW | 2.7 | Django vulnerable to privilege abuse in ModelAdmin.list_editable | >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4 |
| — | — | Potential unencrypted email transmission via STARTTLS in the SMTP backend | >= 5.2.0, < 5.2.15, >= 6.0.0, < 6.0.6 |
| — | — | Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware | >= 5.2.0, < 5.2.15, >= 6.0.0, < 6.0.6 |