Vulnerabilities > Djangoproject

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-01	CVE-2020-24584	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical CWE-276	5.0
2020-09-01	CVE-2020-24583	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical CWE-276	5.0
2020-06-03	CVE-2020-13596	Cross-Site Scripting vulnerability in Djangoproject Django An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network djangoproject CWE-79	4.3
2020-06-03	CVE-2020-13254	Improper Certificate Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network djangoproject canonical CWE-295	4.3
2020-03-05	CVE-2020-9402	SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. network low complexity djangoproject debian fedoraproject CWE-89	6.5
2020-02-03	CVE-2020-7471	SQL Injection vulnerability in Djangoproject Django Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). network low complexity djangoproject CWE-89	7.5
2019-12-18	CVE-2019-19844	Weak Password Recovery Mechanism FOR Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. network low complexity djangoproject canonical CWE-640	5.0
2019-12-02	CVE-2019-19118	Incorrect Default Permissions vulnerability in multiple products Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. network low complexity djangoproject fedoraproject CWE-276	4.0
2019-08-09	CVE-2019-14234	SQL Injection vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject fedoraproject debian CWE-89	7.5
2019-08-02	CVE-2019-14235	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-674	5.0

Vulnerabilities > Djangoproject {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Djangoproject"}]}

Vulnerabilities > Djangoproject