| CVE | Severity | Score (1) | Score (2) | Age | Description |
|---|---|---|---|---|---|
| CVE-2014-0474 | critical | — | 10.0 | 12y ago | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not proper… |
| CVE-2016-9013 | critical | 9.8 | 9.8 | 10y ago | Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it eas… |
| CVE-2019-11358 | low | — | 3.5 | 7y ago | RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low) |
| CVE-2014-0483 | low | — | 3.5 | 12y ago | The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship be… |
| CVE-2016-2513 | low | 3.1 | 3.1 | 10y ago | The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. |
| CVE-2025-48432 | low | — | 2.5 | 1y ago | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially… |
| CVE-2021-31542 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. |
| CVE-2021-28658 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were no… |
| CVE-2021-3281 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal … |
| CVE-2019-19118 | low | — | 2.5 | 7y ago | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed… |