High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-01	CVE-2020-24584	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical fedoraproject oracle CWE-276	7.5
2020-09-01	CVE-2020-24583	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical fedoraproject oracle CWE-276	7.5
2020-03-05	CVE-2020-9402	SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. network low complexity djangoproject debian fedoraproject netapp canonical CWE-89	8.8
2019-08-02	CVE-2019-14235	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-674	7.5
2019-08-02	CVE-2019-14233	Resource Exhaustion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-400	7.5
2019-08-02	CVE-2019-14232	Resource Exhaustion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-400	7.5
2019-02-11	CVE-2019-6975	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. network low complexity djangoproject canonical fedoraproject CWE-770	7.5
2018-02-05	CVE-2018-6188	Information Exposure vulnerability in multiple products django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. network low complexity djangoproject canonical CWE-200	7.5
2016-12-09	CVE-2016-9014	Permissions, Privileges, and Access Controls vulnerability in multiple products Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. network high complexity fedoraproject canonical djangoproject CWE-264	8.1
2016-10-03	CVE-2016-7401	7PK - Security Features vulnerability in multiple products The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. network low complexity canonical djangoproject debian CWE-254	7.5