Vulnerabilities > Djangoproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-03 | CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | 7.5 |
| 2023-05-07 | CVE-2023-31047 | Improper Input Validation vulnerability in multiple products In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. | 9.8 |
| 2023-02-15 | CVE-2023-24580 | Resource Exhaustion vulnerability in multiple products An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. | 7.5 |
| 2023-02-01 | CVE-2023-23969 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. | 7.5 |
| 2022-10-16 | CVE-2022-41323 | Unspecified vulnerability in Djangoproject Django In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | 7.5 |
| 2022-08-03 | CVE-2022-36359 | Download of Code Without Integrity Check vulnerability in multiple products An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. | 8.8 |
| 2022-07-04 | CVE-2022-34265 | SQL Injection vulnerability in Djangoproject Django An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. | 9.8 |
| 2022-04-12 | CVE-2022-28346 | SQL Injection vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
| 2022-04-12 | CVE-2022-28347 | SQL Injection vulnerability in multiple products A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. | 9.8 |
| 2022-02-03 | CVE-2022-22818 | Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. | 6.1 |