Vulnerabilities > Djangoproject > Django > 2.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-33203 Path Traversal vulnerability in multiple products
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.
network
low complexity
djangoproject fedoraproject CWE-22
4.9
4.9
2019-12-02 CVE-2019-19118 Incorrect Default Permissions vulnerability in multiple products
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing.
network
low complexity
djangoproject fedoraproject CWE-276
6.5
6.5
2019-08-09 CVE-2019-14234 SQL Injection vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject fedoraproject debian CWE-89
critical
 9.8
9.8
2019-08-02 CVE-2019-14235 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-674
7.5
7.5
2019-08-02 CVE-2019-14233 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-08-02 CVE-2019-14232 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4.
network
low complexity
djangoproject opensuse CWE-400
7.5
7.5
2019-07-01 CVE-2019-12781 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3.
network
low complexity
djangoproject canonical debian CWE-319
5.3
5.3
2019-06-03 CVE-2019-12308 Cross-site Scripting vulnerability in Djangoproject Django
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2.
network
low complexity
djangoproject CWE-79
6.1
6.1
2019-01-09 CVE-2019-3498 Injection vulnerability in multiple products
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. 		6.5
6.5
2018-10-02 CVE-2018-16984 Insufficiently Protected Credentials vulnerability in Djangoproject Django 2.1/2.1.1
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts.
network
low complexity
djangoproject CWE-522
4.0
4.0