CRITICAL9.8CVE-2026-4277Django vulnerable to privilege abuse in GenericInlineModelAdmin >= 6.0, < 6.0.4
CRITICAL9.8CVE-2026-4277Django vulnerable to privilege abuse in GenericInlineModelAdmin >= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
CRITICAL9.8CVE-2024-53908Django SQL injection in HasKey(lhs, rhs) on Oracle >= 5.1, < 5.1.4, >= 5.0, < 5.0.10, >= 4.2, < 4.2.17
CRITICAL9.8Django SQL injection in HasKey(lhs, rhs) on Oracle
>= 5.0.0, < 5.0.10
CRITICAL9.8python-django - security update
>= 3.2a1, < 3.2.19
CRITICAL9.8python-django - security update
>= 3.2, < 3.2.19, >= 4.0, < 4.1.9, >= 4.2, < 4.2.1
CRITICAL9.8Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
>= 3.2, < 3.2.14, >= 4.0, < 4.0.6
CRITICAL9.8Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
>= 3.2a1, < 3.2.14
CRITICAL9.8python-django - security update
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
CRITICAL9.8Django Vulnerable to MySQL Injection
from 0, < 1.4.11
CRITICAL9.8Django Vulnerable to MySQL Injection
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
CRITICAL9.8python-django - security update
from 0, < 1.4.11
CRITICAL9.8python-django - security update
>= 1.10a1, < 1.10.3
CRITICAL9.8python-django - security update
>= 1.8, < 1.8.16, >= 1.9, < 1.9.11, >= 1.10, < 1.10.3
CRITICAL9.8python-django - security update
>= 2.2, < 2.2.28
CRITICAL9.8python-django - security update
>= 4.0, < 4.0.4, >= 3.2, < 3.2.13, >= 2.2, < 2.2.28
CRITICAL9.8SQL Injection in Django
>= 4.0, < 4.0.4, >= 3.2, < 3.2.13, >= 2.2, < 2.2.28
CRITICAL9.8SQL Injection in Django
>= 2.2, < 2.2.28
CRITICAL9.8SQL Injection in Django
>= 3.2a1, < 3.2.5
CRITICAL9.8SQL Injection in Django
>= 3.1, < 3.1.13, >= 3.2, < 3.2.5
CRITICAL9.8python-django - security update
from 0, < 1.11.28
CRITICAL9.8python-django - security update
from 0, < eb31d845323618d688ad429479c6dda973056136 | >= 1.11, < 1.11.28, >= 2.2, < 2.2.10, >= 3.0, < 3.0.3
CRITICAL9.8python-django - security update
from 0, < 1.11.27, >= 2.2, < 2.2.9
CRITICAL9.8python-django - security update
from 0, < 1.11.27
CRITICAL9.8SQL Injection in Django
>= 1.11a1, < 1.11.23
CRITICAL9.8SQL Injection in Django
>= 2.1, < 2.1.11, >= 1.11, < 1.11.23, >= 2.2, < 2.2.4
CRITICAL9.1python-django - security update
>= 4.2, < 4.2.26, >= 5.1, < 5.1.14, >= 5.2, < 5.2.8
CRITICAL9.1python-django - security update
>= 5.2a1, < 5.2.8
CRITICAL9.1Django SQL injection vulnerability
>= 5.0, < 5.0.8
CRITICAL9.1Django SQL injection vulnerability
>= 5.0, < 5.0.8, >= 4.2, < 4.2.15
CRITICAL9.1Directory traversal in Django
>= 1.1, < 1.1.4
CRITICAL9.1Directory traversal in Django
>= 1.1, < 1.1.4, >= 1.2, < 1.2.5
HIGH8.8Django vulnerable to Reflected File Download attack
from 0, < 3.2.15
HIGH8.8Django vulnerable to Reflected File Download attack
>= 3.2, < 3.2.15, >= 4.0, < 4.0.7
HIGH8.8python-django - security update
>= 1.11, < 1.11.29
HIGH8.8python-django - security update
>= 1.11, < 1.11.29, >= 2.2, < 2.2.11, >= 3.0, < 3.0.4
HIGH8.8python-django - security update
>= 1.11, < 1.11.29, >= 2.2, < 2.2.11, >= 3.0, < 3.0.4
HIGH8.6python-django - directory traversal
>= 1.4, < 1.4.7, >= 1.5, < 1.5.3
HIGH8.6python-django - directory traversal
>= 1.4, < 1.4.7
HIGH8.1python-django - security update
>= 1.8a1, < 1.8.16
HIGH8.1python-django - security update
from 0, < 1.8.16, >= 1.9, < 1.9.11, >= 1.10, < 1.10.3
HIGH7.5Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
>= 6.0, < 6.0.4
HIGH7.5Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
HIGH7.5Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit
>= 6.0, < 6.0.4
HIGH7.5Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit
>= 4.2, < 4.2.30, >= 5.2, < 5.2.13, >= 6.0, < 6.0.4
HIGH7.5Django vulnerable to Uncontrolled Resource Consumption
>= 6.0, < 6.0.3
HIGH7.5Django has Inefficient Algorithmic Complexity
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
HIGH7.5Django has Inefficient Algorithmic Complexity
>= 6.0a1, < 6.0.2
HIGH7.5Django has Inefficient Algorithmic Complexity
>= 6.0a1, < 6.0.2
HIGH7.5Django has Inefficient Algorithmic Complexity
>= 4.2, < 4.2.28, >= 5.2, < 5.2.11, >= 6.0, < 6.0.2
HIGH7.5Django is vulnerable to DoS via XML serializer text extraction
>= 5.2a1, < 5.2.9
HIGH7.5Django is vulnerable to DoS via XML serializer text extraction
>= 4.2, < 4.2.27, >= 5.1, < 5.1.15, >= 5.2, < 5.2.9
HIGH7.5Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
>= 4.2, < 4.2.26, >= 5.1, < 5.1.14, >= 5.2, < 5.2.8
HIGH7.5Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
>= 5.2a1, < 5.2.8
HIGH7.5python-django - security update
>= 5.1.0, < 5.1.4
HIGH7.5python-django - security update
>= 5.1, < 5.1.4, >= 5.0, < 5.0.10, >= 4.2, < 4.2.17
HIGH7.5Django Path Traversal vulnerability
>= 5.0, < 5.0.7
HIGH7.5Django Path Traversal vulnerability
>= 5.0, < 5.0.7, >= 4.2, < 4.2.14
HIGH7.5Django vulnerable to Denial of Service
>= 5.0, < 5.0.7, >= 4.2, < 4.2.14
HIGH7.5Django vulnerable to Denial of Service
>= 4.2, < 4.2.14
HIGH7.5Django vulnerable to Denial of Service
>= 4.2, < 4.2.14, >= 5.0, < 5.0.7
HIGH7.5Django vulnerable to Denial of Service
>= 5.0, < 5.0.7
HIGH7.5Django potential denial of service vulnerability in UsernameField on Windows
>= 3.2, < 3.2.23, >= 4.1, < 4.1.13, >= 4.2, < 4.2.7
HIGH7.5Django potential denial of service vulnerability in UsernameField on Windows
>= 3.2a1, < 3.2.23
HIGH7.5python-django - security update
>= 4.2, < 4.2.3, >= 4.0, < 4.1.10, >= 3.2, < 3.2.20
HIGH7.5python-django - security update
>= 3.2a1, < 3.2.20
HIGH7.5python-django - security update
>= 3.2, < 3.2.18, >= 4.0, < 4.0.10, >= 4.1, < 4.1.7
HIGH7.5python-django - security update
>= 3.2a1, < 3.2.18
HIGH7.5python-django - security update
>= 3.2, < 3.2.17, >= 4.0, < 4.0.9, >= 4.1, < 4.1.6
HIGH7.5python-django - security update
>= 3.2a1, < 3.2.17
HIGH7.5Django denial-of-service vulnerability in internationalized URLs
>= 3.2, < 3.2.16
HIGH7.5Django denial-of-service vulnerability in internationalized URLs
from 0, < 5b6b257fa7ec37ff27965358800c67e2dd11c924 | >= 3.2, < 3.2.16, >= 4.0, < 4.0.8, >= 4.1, < 4.1.2
HIGH7.5Django Image Field Vulnerable to Image Decompression Bombs
from 0, < 1.3.2, >= 1.4, < 1.4.1
HIGH7.5Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
from 0, < 1.3.2, >= 1.4, < 1.4.1
HIGH7.5Django Image Field Vulnerable to Image Decompression Bombs
from 0, < 1.3.2
HIGH7.5Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
from 0, < 1.3.2
HIGH7.5python-django - several vulnerabilities
from 0, < 9305c0e12d43c4df999c3301a1f0c742264a657e, < b45c377f8f488955e0c7069cad3f3dd21910b071, < 92d3430f12171f16f566c9050c40feefb830a4a3 | >= 1.3, < 1.3.4, >= 1.4, < 1.4.2
HIGH7.5python-django - several vulnerabilities
>= 1.3, < 1.3.4
HIGH7.5python-django - denial of service
>= 1.4, < 1.4.8, >= 1.5, < 1.5.4
HIGH7.5python-django - denial of service
>= 1.4, < 1.4.8
HIGH7.5Django allows user sessions hijacking via an empty string in the session key
>= 1.8, < 1.8.2
HIGH7.5Django allows user sessions hijacking via an empty string in the session key
>= 1.8a1, < 1.8.2
HIGH7.5Django DoS in django.views.static.serve
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
HIGH7.5Django database denial-of-service with ModelMultipleChoiceField
from 0, < 1.4.18, >= 1.5, < 1.6.10, >= 1.7, < 1.7.3
HIGH7.5Django DoS in django.views.static.serve
from 0, < 1.4.18
HIGH7.5Django database denial-of-service with ModelMultipleChoiceField
>= 1.6, < 1.6.10
HIGH7.5Denial-of-service possibility in logout() view by filling session store
>= 1.7, < 1.7.10, >= 1.4, < 1.4.22
HIGH7.5Denial-of-service possibility in logout() view by filling session store
>= 1.7, < 1.7.10
HIGH7.5Django Reuses Cached CSRF Token
from 0, < 1.4.11
HIGH7.5Django Reuses Cached CSRF Token
from 0, < 1.4.11, >= 1.5, < 1.5.6, >= 1.6, < 1.6.3
HIGH7.5Django Vulnerable to HTTP Response Splitting Attack
from 0, < 1.4.21, >= 1.5, < 1.7.9, >= 1.8, < 1.8.3
HIGH7.5Django Vulnerable to HTTP Response Splitting Attack
from 0, < 1.4.21
HIGH7.5Django ReDoS in validators.URLValidator
>= 1.8a1, < 1.8.3
HIGH7.5Django ReDoS in validators.URLValidator
>= 1.8, < 1.8.3
HIGH7.5python-django - security update
>= 1.8, < 1.8.4
HIGH7.5python-django - security update
>= 1.8, < 1.8.4, >= 1.7, < 1.7.10, >= 1.4, < 1.4.22
HIGH7.5python-django - security update
from 0, < 1.8.15, >= 1.9, < 1.9.10
HIGH7.5python-django - security update
from 0, < 1.8.15
HIGH7.5Django Might Allow CSRF Requests via URL Verification
from 0, < 1.2.7
HIGH7.5Django Vulnerable to Cache Poisoning
from 0, < 1.2.7, >= 1.3, < 1.3.1