Vulnerabilities > Djangoproject > Django > 1.8.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-08 | CVE-2021-33203 | Path Traversal vulnerability in multiple products Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. | 4.9 |
| 2019-12-18 | CVE-2019-19844 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. | 9.8 |
| 2018-03-09 | CVE-2018-7537 | Incorrect Regular Expression vulnerability in multiple products An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. | 5.3 |
| 2018-03-09 | CVE-2018-7536 | Incorrect Regular Expression vulnerability in multiple products An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. | 5.3 |
| 2017-04-04 | CVE-2017-7234 | Open Redirect vulnerability in Djangoproject Django A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. | 6.1 |
| 2017-04-04 | CVE-2017-7233 | Open Redirect vulnerability in Djangoproject Django Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. | 6.1 |