High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-15	CVE-2023-24580	Resource Exhaustion vulnerability in multiple products An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. network low complexity djangoproject debian CWE-400	7.5
2023-02-01	CVE-2023-23969	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. network low complexity djangoproject debian CWE-770	7.5
2022-10-16	CVE-2022-41323	Unspecified vulnerability in Djangoproject Django In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. network low complexity djangoproject	7.5
2022-08-03	CVE-2022-36359	Download of Code Without Integrity Check vulnerability in multiple products An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. network low complexity djangoproject debian CWE-494	8.8
2022-02-03	CVE-2022-23833	Infinite Loop vulnerability in multiple products An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. network low complexity djangoproject fedoraproject debian CWE-835	7.5
2022-01-05	CVE-2021-45115	An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject	7.5
2022-01-05	CVE-2021-45116	Improper Input Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. network low complexity djangoproject fedoraproject CWE-20	7.5
2021-12-08	CVE-2021-44420	In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. network low complexity djangoproject redhat debian canonical fedoraproject	7.3
2021-06-08	CVE-2021-33571	Server-Side Request Forgery (SSRF) vulnerability in multiple products In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. network low complexity djangoproject fedoraproject CWE-918	7.5
2021-05-05	CVE-2021-31542	Path Traversal vulnerability in multiple products In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. network low complexity djangoproject debian fedoraproject CWE-22	7.5