Vulnerabilities > Djangoproject

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-12	CVE-2022-28346	SQL Injection vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. network low complexity djangoproject debian CWE-89	7.5
2022-04-12	CVE-2022-28347	SQL Injection vulnerability in Djangoproject Django A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. network low complexity djangoproject CWE-89	7.5
2022-02-03	CVE-2022-22818	Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. network djangoproject fedoraproject CWE-79	4.3
2022-02-03	CVE-2022-23833	Infinite Loop vulnerability in multiple products An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. network low complexity djangoproject fedoraproject CWE-835	5.0
2022-01-05	CVE-2021-45115	Resource Exhaustion vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject CWE-400	5.0
2022-01-05	CVE-2021-45116	Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject CWE-668	5.0
2022-01-05	CVE-2021-45452	Path Traversal vulnerability in multiple products Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. network low complexity djangoproject fedoraproject CWE-22	5.0
2021-12-08	CVE-2021-44420	Improper Authentication vulnerability in multiple products In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. network low complexity djangoproject redhat debian canonical fedoraproject CWE-287	7.5
2021-07-02	CVE-2021-35042	SQL Injection vulnerability in multiple products Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. network low complexity djangoproject fedoraproject CWE-89	7.5
2021-06-08	CVE-2021-33203	Path Traversal vulnerability in multiple products Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. network low complexity djangoproject fedoraproject CWE-22	4.0

Vulnerabilities > Djangoproject {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Djangoproject"}]}

Vulnerabilities > Djangoproject