Vulnerabilities > Djangoproject

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-09-01 | CVE-2020-24584 | Incorrect Default Permissions vulnerability in multiple products | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). | network | low | djangoproject, canonical | CWE-276 | 5.0 |
| 2020-09-01 | CVE-2020-24583 | Incorrect Default Permissions vulnerability in multiple products | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). | network | low | djangoproject, canonical | CWE-276 | 5.0 |
| 2020-06-03 | CVE-2020-13596 | Cross-Site Scripting vulnerability in Djangoproject Django | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. | | | | | 4.3 |
| 2020-06-03 | CVE-2020-13254 | Improper Certificate Validation vulnerability in multiple products | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. | | | | | 4.3 |
| 2020-03-05 | CVE-2020-9402 | SQL Injection vulnerability in multiple products | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. | network | low | djangoproject, debian, fedoraproject | CWE-89 | 6.5 |
| 2020-02-03 | CVE-2020-7471 | SQL Injection vulnerability in Djangoproject Django | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). | network | low | djangoproject | CWE-89 | 7.5 |
| 2019-12-18 | CVE-2019-19844 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. | network | low | djangoproject, canonical | CWE-640 | 5.0 |
| 2019-12-02 | CVE-2019-19118 | Incorrect Default Permissions vulnerability in multiple products | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. | network | low | djangoproject, fedoraproject | CWE-276 | 4.0 |
| 2019-08-09 | CVE-2019-14234 | SQL Injection vulnerability in multiple products | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. | network | low | djangoproject, fedoraproject, debian | CWE-89 | 7.5 |
| 2019-08-02 | CVE-2019-14235 | Uncontrolled Recursion vulnerability in multiple products | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. | network | low | djangoproject, opensuse | CWE-674 | 5.0 |