Vulnerabilities > Djangoproject

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-28346 SQL Injection vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject debian CWE-89
7.5
2022-04-12 CVE-2022-28347 SQL Injection vulnerability in Djangoproject Django
A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4.
network
low complexity
djangoproject CWE-89
7.5
2022-02-03 CVE-2022-22818 Cross-site Scripting vulnerability in multiple products
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context.
4.3
2022-02-03 CVE-2022-23833 Infinite Loop vulnerability in multiple products
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2.
network
low complexity
djangoproject fedoraproject CWE-835
5.0
2022-01-05 CVE-2021-45115 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.
network
low complexity
djangoproject fedoraproject CWE-400
5.0
2022-01-05 CVE-2021-45116 Exposure of Resource to Wrong Sphere vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.
network
low complexity
djangoproject fedoraproject CWE-668
5.0
2022-01-05 CVE-2021-45452 Path Traversal vulnerability in multiple products
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
network
low complexity
djangoproject fedoraproject CWE-22
5.0
2021-12-08 CVE-2021-44420 Improper Authentication vulnerability in multiple products
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
7.5
2021-07-02 CVE-2021-35042 SQL Injection vulnerability in multiple products
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
network
low complexity
djangoproject fedoraproject CWE-89
7.5
2021-06-08 CVE-2021-33203 Path Traversal vulnerability in multiple products
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.
network
low complexity
djangoproject fedoraproject CWE-22
4.0