Vulnerabilities > Djangoproject > Django > 3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-04 | CVE-2022-34265 | SQL Injection vulnerability in Djangoproject Django An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. | 9.8 |
2022-04-12 | CVE-2022-28346 | SQL Injection vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
2022-04-12 | CVE-2022-28347 | SQL Injection vulnerability in multiple products A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
2022-02-03 | CVE-2022-22818 | Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. | 6.1 |
2022-02-03 | CVE-2022-23833 | Infinite Loop vulnerability in multiple products An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. | 7.5 |
2022-01-05 | CVE-2021-45115 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. | 7.5 |
2022-01-05 | CVE-2021-45116 | Improper Input Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. | 7.5 |
2022-01-05 | CVE-2021-45452 | Path Traversal vulnerability in multiple products Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | 5.3 |
2021-12-08 | CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 7.3 |
2021-07-02 | CVE-2021-35042 | SQL Injection vulnerability in multiple products Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | 9.8 |