Vulnerabilities > Djangoproject > Django > 1.11.17

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-33203 Path Traversal vulnerability in multiple products
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.
network
low complexity
djangoproject fedoraproject CWE-22
4.9
4.9
2020-03-05 CVE-2020-9402 SQL Injection vulnerability in multiple products
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. 		8.8
8.8
2020-02-03 CVE-2020-7471 SQL Injection vulnerability in Djangoproject Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter).
network
low complexity
djangoproject CWE-89
critical
 9.8
9.8
2019-12-18 CVE-2019-19844 Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover.
network
low complexity
djangoproject canonical CWE-640
critical
 9.8
9.8
2019-08-09 CVE-2019-14234 SQL Injection vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject fedoraproject debian CWE-89
critical
 9.8
9.8
2019-08-02 CVE-2019-14235 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-674
7.5
7.5
2019-08-02 CVE-2019-14233 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-08-02 CVE-2019-14232 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-07-01 CVE-2019-12781 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3.
network
low complexity
djangoproject canonical debian CWE-319
5.3
5.3
2019-06-03 CVE-2019-12308 Cross-site Scripting vulnerability in Djangoproject Django
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2.
network
low complexity
djangoproject CWE-79
6.1
6.1