pkg:Debian/python-django

All known vulnerabilities

• CRITICAL9.8CVE-2026-4277Django vulnerable to privilege abuse in GenericInlineModelAdmin
  from 0
• CRITICAL9.8CVE-2024-53908Django SQL injection in HasKey(lhs, rhs) on Oracle
  from 0, < 3:4.2.17-1
• CRITICAL9.8python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• CRITICAL9.8python-django - security update
  from 0, < 1:1.11.29-1+deb10u8
• CRITICAL9.8Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8python-django - security update
  from 0, < 1.6.3-1
• CRITICAL9.8python-django - security update
  from 0, < 1.2.3-3+squeeze10
• CRITICAL9.8Django Vulnerable to MySQL Injection
  from 0, < 1.6.3-1
• CRITICAL9.8python-django - security update
  from 0, < 1.7.11-1+deb8u2
• CRITICAL9.8python-django - security update
  from 0, < 1:1.10.3-1
• CRITICAL9.8python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8python-django - security update
  from 0, < 1:1.10.7-2+deb9u16
• CRITICAL9.8SQL Injection in Django
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8python-django - security update
  from 0, < 1:1.10.7-2+deb9u8
• CRITICAL9.8python-django - security update
  from 0, < 2:2.2.10-1
• CRITICAL9.8python-django - security update
  from 0, < 1.7.11-1+deb8u8
• CRITICAL9.8python-django - security update
  from 0, < 1:1.10.7-2+deb9u7
• CRITICAL9.8python-django - security update
  from 0, < 2:2.2.9-1
• CRITICAL9.8SQL Injection in Django
  from 0, < 2:2.2.4-1
• CRITICAL9.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u10
• CRITICAL9.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u10
• CRITICAL9.1Django SQL injection vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• HIGH8.8Django vulnerable to Reflected File Download attack
  from 0, < 2:2.2.28-1~deb11u1
• HIGH8.8python-django - security update
  from 0, < 2:2.2.11-1
• HIGH8.8python-django - security update
  from 0, < 1:1.10.7-2+deb9u17
• HIGH8.6python-django - directory traversal
  from 0, < 1.2.3-3+squeeze7
• HIGH8.6python-django - directory traversal
  from 0, < 1.5.3-1
• HIGH8.1python-django - security update
  from 0, < 1:1.10.3-1
• HIGH8.1python-django - security update
  from 0, < 1.4.22-1+deb7u2
• HIGH7.5Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
  from 0
• HIGH7.5Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit
  from 0
• HIGH7.5Django has Inefficient Algorithmic Complexity
  from 0, < 3:3.2.25-0+deb12u2
• HIGH7.5Django has Inefficient Algorithmic Complexity
  from 0, < 2:2.2.28-1~deb11u12
• HIGH7.5Django is vulnerable to DoS via XML serializer text extraction
  from 0, < 2:2.2.28-1~deb11u10
• HIGH7.5Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
  from 0
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u3
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u3
• HIGH7.5Django Path Traversal vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• HIGH7.5Django vulnerable to Denial of Service
  from 0, < 2:2.2.28-1~deb11u11
• HIGH7.5Django vulnerable to Denial of Service
  from 0
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5python-django - security update
  from 0, < 1:1.11.29-1+deb10u9
• HIGH7.5python-django - security update
  from 0, < 1:1.11.29-1+deb10u7
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5python-django - security update
  from 0, < 1:1.11.29-1+deb10u6
• HIGH7.5Django denial-of-service vulnerability in internationalized URLs
  from 0, < 2:2.2.28-1~deb11u1
• HIGH7.5Django Image Field Vulnerable to Image Decompression Bombs
  from 0, < 1.4.1-1
• HIGH7.5Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
  from 0, < 1.4.1-1
• HIGH7.5python-django - several vulnerabilities
  from 0, < 1.2.3-3+squeeze5
• HIGH7.5python-django - several vulnerabilities
  from 0, < 1.4.2-1
• HIGH7.5python-django - denial of service
  from 0, < 1.5.4-1
• HIGH7.5python-django - denial of service
  from 0, < 1.2.3-3+squeeze8
• HIGH7.5Django database denial-of-service with ModelMultipleChoiceField
  from 0, < 1.7.1-1.1
• HIGH7.5Django DoS in django.views.static.serve
  from 0, < 1.7.1-1.1
• HIGH7.5Denial-of-service possibility in logout() view by filling session store
  from 0, < 1.7.10-1
• HIGH7.5Django Reuses Cached CSRF Token
  from 0, < 1.6.3-1
• HIGH7.5Django Vulnerable to HTTP Response Splitting Attack
  from 0, < 1.7.9-1
• HIGH7.5python-django - security update
  from 0, < 1.2.3-3+squeeze14
• HIGH7.5python-django - security update
  from 0, < 1.7.10-1
• HIGH7.5python-django - security update
  from 0, < 1.4.5-1+deb7u13
• HIGH7.5python-django - security update
  from 0, < 1:1.10-1
• HIGH7.5python-django - security update
  from 0, < 1.4.22-1+deb7u1
• HIGH7.5python-django - security update
  from 0, < 1.7.11-1+deb8u1
• HIGH7.5Django Might Allow CSRF Requests via URL Verification
  from 0, < 1.3.1-1
• HIGH7.5Django Vulnerable to Cache Poisoning
  from 0, < 1.3.1-1
• HIGH7.5Django Allows Open Redirects
  from 0, < 1.6.5-1
• HIGH7.5python-django - security update
  from 0, < 1.6.6-1
• HIGH7.5python-django - security update
  from 0, < 1.2.3-3+squeeze11
• HIGH7.5python-django - security update
  from 0, < 1.4.5-1+deb7u8
• HIGH7.5Django Denial-of-service possibility with strip_tags
  from 0, < 1.7.7-1
• HIGH7.5Django denial of service via file upload naming
  from 0, < 1.6.6-1
• HIGH7.5python-django - denial of service
  from 0, < 1.0.2-1+lenny2
• HIGH7.5python-django - denial of service
  from 0, < 1.1.1-1
• HIGH7.5Django Admin Media Handler Vulnerable to Directory Traversal
  from 0, < 1.1-1
• HIGH7.5Django cross-site request forgery (CSRF) vulnerability
  from 0, < 1.0-1
• HIGH7.5Infinite Loop in Django
  from 0, < 2:2.2.28-1~deb11u1
• HIGH7.5Information disclosure in Django
  from 0, < 2:2.2.26-1~deb11u1
• HIGH7.5python-django - security update
  from 0, < 2:2.2.26-1~deb11u1
• HIGH7.5python-django - security update
  from 0, < 1:1.11.29-1+deb10u3
• HIGH7.5Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
  from 0, < 2:2.2.24-1
• HIGH7.5python-django - security update
  from 0, < 1:1.10.7-2+deb9u13
• HIGH7.5python-django - security update
  from 0, < 2:2.2.21-1
• HIGH7.5python-django - security update
  from 0, < 2:2.2.16-1
• HIGH7.5python-django - security update
  from 0, < 1:1.11.29-1+deb10u2
• HIGH7.5Django Incorrect Default Permissions
  from 0, < 2:2.2.16-1
• HIGH7.5Django Denial-of-service in strip_tags()
  from 0, < 2:2.2.4-1
• HIGH7.5Uncontrolled Recursion in Django
  from 0, < 2:2.2.4-1
• HIGH7.5python-django - security update
  from 0, < 2:2.2.4-1
• HIGH7.5python-django - security update
  from 0, < 1:1.10.7-2+deb9u6
• HIGH7.5python-django - security update
  from 0, < 3:3.2.25-0+deb12u1
• HIGH7.5python-django - security update
  from 0, < 1.7.11-1+deb8u7
• HIGH7.5python-django - security update
  from 0, < 1.7.9-1
• HIGH7.5python-django - security update
  from 0, < 1.4.5-1+deb7u12
• HIGH7.5Uncontrolled Memory Consumption in Django
  from 0, < 1:1.11.20-1
• HIGH7.5Django vulnerable to information leakage in AuthenticationForm
  from 0, < 1:1.11.10-1
• HIGH7.5Improper date handling in Django
  from 0, < 1.2.4-1
• HIGH7.5Denial of service in django
  from 0, < 1.3.1-1
• HIGH7.5Django Cross-Site Request Forgery vulnerability
  from 0, < 1.3.1-1
• HIGH7.5python-django - multiple
  from 0, < 1.2.3-3+squeeze1
• HIGH7.5python-django - multiple
  from 0, < 1.2.5-1
• HIGH7.4Django Vulnerable to Cache Poisoning
  from 0, < 1.6.5-1
• HIGH7.4python-django - security update
  from 0, < 1.9.4-1
• HIGH7.4python-django - security update
  from 0, < 1.4.5-1+deb7u16
• HIGH7.3Potential bypass of an upstream access control based on URL paths in Django
  from 0, < 2:2.2.25-1~deb11u1
• HIGH7.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u9
• HIGH7.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u9
• HIGH7.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u8
• HIGH7.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u8
• MEDIUM6.5Django Uses Persistent Cookies Containing Sensitive Information
  from 0
• MEDIUM6.5Django has potential DoS via MultiPartParser through crafted multipart uploads
  from 0
• MEDIUM6.5Django Middleware Enables Session Hijacking
  from 0, < 1.6.6-1
• MEDIUM6.5Django allows unintended model editing
  from 0, < 2:2.2.8-1
• MEDIUM6.5python-django - security update
  from 0, < 1:1.11.18-1
• MEDIUM6.5python-django - security update
  from 0, < 1:1.10.7-2+deb9u4
• MEDIUM6.5python-django - security update
  from 0, < 1.7.11-1+deb8u4
• MEDIUM6.5Improper query string handling in Django
  from 0, < 1.2.4-1
• MEDIUM6.1python-django - several
  from 0, < 1.2.3-3+squeeze3
• MEDIUM6.1python-django - several
  from 0, < 1.4.1-1
• MEDIUM6.1Django Cross-site Scripting Vulnerability
  from 0, < 1.7.6-1
• MEDIUM6.1Django Cross-site Scripting Vulnerability
  from 0, < 1.7.1-1.1
• MEDIUM6.1Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
  from 0, < 1.5.2-1
• MEDIUM6.1python-django - cross-site scripting vulnerability
  from 0, < 1.2.3-3+squeeze6
• MEDIUM6.1python-django - cross-site scripting vulnerability
  from 0, < 1.5.2-1
• MEDIUM6.1python-django - security update
  from 0, < 1.7.7-1+deb8u5
• MEDIUM6.1python-django - security update
  from 0, < 1:1.9.8-1
• MEDIUM6.1python-django - security update
  from 0, < 1.4.5-1+deb7u17
• MEDIUM6.1python-django - security update
  from 0, < 1.2.3-3+squeeze13
• MEDIUM6.1python-django - security update
  from 0, < 1.4.5-1+deb7u11
• MEDIUM6.1python-django - security update
  from 0, < 1.7.7-1
• MEDIUM6.1Django Cross-site scripting (XSS) vulnerability
  from 0, < 0.96.2-1
• MEDIUM6.1python-django - security update
  from 0, < 1:1.10.7-2+deb9u15
• MEDIUM6.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• MEDIUM6.1python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• MEDIUM6.1Header injection possible in Django
  from 0, < 2:2.2.22-1
• MEDIUM6.1XSS in Django
  from 0, < 2:2.2.13-1
• MEDIUM6.1python-django - security update
  from 0, < 1:1.11.21-1
• MEDIUM6.1python-django - security update
  from 0, < 1:1.10.7-2+deb9u5
• MEDIUM6.1python-django - security update
  from 0, < 1.7.11-1+deb8u5
• MEDIUM6.1Django vulnerable to XSS on 500 pages
  from 0, < 1:1.11.5-1
• MEDIUM6.1python-django - security update
  from 0, < 1.4.22-1+deb7u3
• MEDIUM6.1python-django - security update
  from 0, < 1:1.10.7-1
• MEDIUM6.1Django open redirect
  from 0, < 1:1.10.7-1
• MEDIUM6.1python-django - security update
  from 0, < 1:1.11.15-1
• MEDIUM6.1python-django - security update
  from 0, < 1:1.10.7-2+deb9u2
• MEDIUM6.1Cross-site scripting in django
  from 0, < 1.2.5-1
• MEDIUM6.1Cross-site scripting in django
  from 0, < 1.2.3-1
• MEDIUM5.9Django denial-of-service attack in the intcomma template filter
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.9Django Denial-of-service in django.utils.text.Truncator
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.9python-django - cross site request forgery
  from 0, < 0.96-1.1
• MEDIUM5.9python-django - cross site request forgery
  from 0, < 0.95.1-1etch2
• MEDIUM5.9python2.7 - security update
  from 0, < 2:2.2.19-1
• MEDIUM5.9python2.7 - security update
  from 0, < 1:1.10.7-2+deb9u11
• MEDIUM5.9python-django - security update
  from 0, < 2:2.2.13-1
• MEDIUM5.9python-django - security update
  from 0, < 1:1.10.7-2+deb9u9
• MEDIUM5.9python-django - security update
  from 0, < 1.7.11-1+deb8u9
• MEDIUM5.8python-django - security update
  from 0, < 2:2.2.28-1~deb11u5
• MEDIUM5.8python-django - security update
  from 0, < 2:2.2.28-1~deb11u5
• MEDIUM5.5Django Access Restrictions Bypass
  from 0, < 1.9.2-1
• MEDIUM5.4Django has an SQL Injection issue
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.4Django has an SQL Injection issue
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.4Django has an SQL Injection issue
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware
  from 0
• MEDIUM5.3Potential exposure of private data via whitespace padding in Vary header
  from 0
• MEDIUM5.3Django has an Improper Handling of Length Parameter Inconsistency
  from 0
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3python-django - security update
  from 0, < 3:3.2.25-0+deb12u2
• MEDIUM5.3Django has a denial-of-service possibility in strip_tags()
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
  from 0
• MEDIUM5.3Django vulnerable to denial-of-service attack
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3Django vulnerable to a denial-of-service attack
  from 0
• MEDIUM5.3Django memory consumption vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3Regular expression denial-of-service in Django
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3python-django - security update
  from 0, < 1:1.11.29-1+deb10u10
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3python-django - security update
  from 0, < 1.4.5-1+deb7u9
• MEDIUM5.3python-django - security update
  from 0, < 1.2.3-3+squeeze12
• MEDIUM5.3python-django - security update
  from 0, < 1.7.1-1.1
• MEDIUM5.3Django data leakage via querystring manipulation in admin
  from 0, < 1.6.6-1
• MEDIUM5.3Django is vulnerable to Denial of Service attack in formset
  from 0, < 1.4.4-1
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.26-1~deb11u1
• MEDIUM5.3python-django - security update
  from 0, < 1:1.11.29-1+deb10u4
• MEDIUM5.3python-django - security update
  from 0, < 1:1.11.29-1+deb10u11
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.20-1
• MEDIUM5.3python-django - security update
  from 0, < 1:1.10.7-2+deb9u12
• MEDIUM5.3python-django - security update
  from 0, < 2:2.2.18-1
• MEDIUM5.3python-django - security update
  from 0, < 1:1.10.7-2+deb9u10
• MEDIUM5.3python-django - security update
  from 0, < 1:1.11.22-1
• MEDIUM5.3python-django - security update
  from 0, < 1.7.11-1+deb8u6
• MEDIUM5.3python-django - security update
  from 0, < 1.4.22-1+deb7u4
• MEDIUM5.3python-django - security update
  from 0, < 1:1.11.11-1
• MEDIUM5.3python-django - security update
  from 0, < 1.7.11-1+deb8u3
• MEDIUM5.3Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
  from 0, < 1:1.11.11-1
• MEDIUM5.0python-django - security update
  from 0, < 2:2.2.28-1~deb11u6
• MEDIUM5.0python-django - security update
  from 0, < 2:2.2.28-1~deb11u6
• MEDIUM4.9python-django - security update
  from 0, < 1:1.10.7-2+deb9u14
• MEDIUM4.9python-django - security update
  from 0, < 2:2.2.24-1
• MEDIUM4.3Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie
  from 0
• MEDIUM4.3Django Uses Cache Containing Sensitive Information
  from 0
• MEDIUM4.3python-django - security update
  from 0, < 3:3.2.25-0+deb12u1
• MEDIUM4.3python-django - security update
  from 0, < 3:4.2.27-0+deb13u1
• MEDIUM4.3Django Data leakage via admin history log
  from 0, < 1.4.4-1
• MEDIUM4.0Django Improper Output Neutralization for Logs vulnerability
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM4.0python-django - several issues
  from 0, < 1.3.1-1
• MEDIUM4.0python-django - several issues
  from 0, < 1.2.3-3+squeeze2
• LOW3.7Django has a Race Condition vulnerability
  from 0
• LOW3.7Django allows enumeration of user e-mail addresses
  from 0, < 2:2.2.28-1~deb11u11
• LOW3.1Django vulnerable to partial directory traversal via archives
  from 0, < 2:2.2.28-1~deb11u9
• LOW3.1Django User Enumeration Vulnerability
  from 0, < 1.9.4-1
• LOW2.8python-django - security update
  from 0, < 1.2.3-3+squeeze15
• LOW2.8python-django - security update
  from 0, < 1.8.7-1
• LOW2.8python-django - security update
  from 0, < 1.4.5-1+deb7u14
• LOW2.7Django vulnerable to privilege abuse in ModelAdmin.list_editable
  from 0
• —Potential unencrypted email transmission via STARTTLS in the SMTP backend
  from 0
• —Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware
  from 0
• —XML External Entity (XXE) in Django
  from 0, < 1.4.4-1
• —Django Arbitrary Code Execution
  from 0, < 0.95.1-1
• —Django Improper Access Control
  from 0, < 0.95.1-1
• —Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary…
  from 0, < 1.2.1