| CVE | Severity | Score 1 | Score 2 | Age | Description |
|---|---|---|---|---|---|
| CVE-2020-9402 | high | — | 8.0 | 6y ago | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a sui… |
| CVE-2011-0696 | medium | — | 6.8 | 8y ago | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site req… |
| CVE-2026-35192 | medium | 6.5 | 6.5 | 24d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker … |
| CVE-2026-6907 | medium | 5.3 | 5.3 | 24d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T… |
| CVE-2026-5766 | medium | 5.3 | 5.3 | 24d ago | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially … |
| CVE-2010-4535 | medium | — | 5.0 | 16y ago | The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestam… |
| CVE-2011-0697 | medium | — | 4.3 | 16y ago | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file … |
| CVE-2010-4534 | medium | — | 4.0 | 16y ago | The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain obje… |