
djangoproject — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting djangoproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Django is a high-level Python web framework designed to facilitate rapid development of secure and maintainable websites. Its architecture emphasizes reusability and pluggability, allowing developers to build complex applications efficiently. Historically, the framework has been associated with various vulnerability classes, including SQL injection, cross-site scripting (XSS), and remote code execution (RCE), often stemming from improper input validation or misconfigured settings. With 28 Common Vulnerabilities and Exposures (CVEs) currently on record, the project has faced significant scrutiny regarding its security posture. Notable incidents have highlighted risks related to session fixation and denial-of-service attacks, prompting continuous updates to mitigate these threats. The Django Software Foundation actively addresses these issues through regular security releases, ensuring that developers can rely on a robust foundation while adhering to best practices for secure coding and deployment configurations.

Top products by djangoproject: Django
Values marked (AI) carry the listing's AI label; "-" means no severity is listed.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-35192 | Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST | Django | CWE-539 | 7.6 | - | 2026-05-05
CVE-2026-6907 | Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware | Django | CWE-524 | 4.3 | Medium | 2026-05-05
CVE-2026-5766 | Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass | Django | CWE-130 | 5.3 | Medium | 2026-05-05
CVE-2026-33034 | Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass | Django | CWE-770 | 7.5 (AI) | High (AI) | 2026-04-07
CVE-2026-33033 | Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload | Django | CWE-407 | 5.3 (AI) | Medium (AI) | 2026-04-07
CVE-2026-4292 | Privilege abuse in ModelAdmin.list_editable | Django | CWE-862 | 9.1 (AI) | Critical (AI) | 2026-04-07
CVE-2026-4277 | Privilege abuse in GenericInlineModelAdmin | Django | CWE-862 | 9.8 (AI) | Critical (AI) | 2026-04-07
CVE-2026-3902 | ASGI header spoofing via underscore/hyphen conflation | Django | CWE-290 | 5.3 (AI) | Medium (AI) | 2026-04-07
CVE-2026-25674 | Potential incorrect permissions on newly created file system objects | Django | CWE-362 | 6.5 | - | 2026-03-03
CVE-2026-25673 | Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows | Django | CWE-400 | 7.5 (AI) | High (AI) | 2026-03-03
CVE-2025-14550 | Potential denial-of-service vulnerability via repeated headers when using ASGI | Django | CWE-407 | 7.5 | - | 2026-02-03
CVE-2026-1312 | Potential SQL injection via QuerySet.order_by and FilteredRelation | Django | CWE-89 | 9.8 | - | 2026-02-03
CVE-2026-1287 | Potential SQL injection in column aliases via control characters | Django | CWE-89 | 9.8 | - | 2026-02-03
CVE-2026-1285 | Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods | Django | CWE-407 | 7.5 | - | 2026-02-03
CVE-2026-1207 | Potential SQL injection via raster lookups on PostGIS | Django | CWE-89 | 9.8 | - | 2026-02-03
CVE-2025-13473 | Username enumeration through timing difference in mod_wsgi authentication handler | Django | CWE-208 | 3.7 | - | 2026-02-03
CVE-2025-64460 | Potential denial-of-service vulnerability in XML serializer text extraction | Django | CWE-407 | 7.5 (AI) | High (AI) | 2025-12-02
CVE-2025-13372 | Potential SQL injection in FilteredRelation column aliases on PostgreSQL | Django | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-12-02
CVE-2025-64459 | Potential SQL injection via _connector keyword argument in QuerySet and Q objects | Django | CWE-89 | 9.8 | - | 2025-11-05
CVE-2025-64458 | Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows | Django | CWE-407 | 7.5 | - | 2025-11-05
CVE-2025-59681 | Django SQL injection vulnerability | Django | CWE-89 | 7.1 | High | 2025-10-01
CVE-2025-59682 | Django security vulnerability | Django | CWE-23 | 3.1 | Low | 2025-10-01
CVE-2025-57833 | Django SQL injection vulnerability | Django | CWE-89 | 7.1 | High | 2025-09-03
CVE-2025-48432 | Django security vulnerability | Django | CWE-117 | 4.0 | Medium | 2025-06-05
CVE-2025-32873 | Django security vulnerability | Django | CWE-770 | 5.3 | Medium | 2025-05-08
CVE-2025-27556 | Django security vulnerability | Django | CWE-770 | 5.8 | Medium | 2025-04-02
CVE-2025-26699 | Django security vulnerability | Django | CWE-770 | 5.0 | Medium | 2025-03-06
CVE-2024-56374 | Django security vulnerability | Django | CWE-770 | 5.8 | Medium | 2025-01-14

This page lists every published CVE security advisory associated with djangoproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.