Vulnerabilities > Djangoproject

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-04	CVE-2022-34265	SQL Injection vulnerability in Djangoproject Django An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. network low complexity djangoproject CWE-89	7.5
2022-04-12	CVE-2022-28346	SQL Injection vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. network low complexity djangoproject debian CWE-89	7.5
2022-04-12	CVE-2022-28347	SQL Injection vulnerability in Djangoproject Django A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. network low complexity djangoproject CWE-89	7.5
2022-02-03	CVE-2022-22818	Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. network djangoproject fedoraproject CWE-79	4.3
2022-02-03	CVE-2022-23833	Infinite Loop vulnerability in multiple products An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. network low complexity djangoproject fedoraproject CWE-835	5.0
2022-01-05	CVE-2021-45115	An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject	5.0
2022-01-05	CVE-2021-45116	Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject CWE-668	5.0
2022-01-05	CVE-2021-45452	Path Traversal vulnerability in multiple products Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. network low complexity djangoproject fedoraproject CWE-22	5.0
2021-12-08	CVE-2021-44420	In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. network low complexity djangoproject redhat debian canonical fedoraproject	7.5
2021-07-02	CVE-2021-35042	SQL Injection vulnerability in multiple products Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. network low complexity djangoproject fedoraproject CWE-89	7.5

Vulnerabilities > Djangoproject {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Djangoproject"}]}

Vulnerabilities > Djangoproject