High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-01	CVE-2020-24584	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical fedoraproject oracle CWE-276	7.5
2020-09-01	CVE-2020-24583	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). network low complexity djangoproject canonical fedoraproject oracle CWE-276	7.5
2020-03-05	CVE-2020-9402	SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. network low complexity djangoproject debian fedoraproject netapp canonical CWE-89	8.8
2019-08-02	CVE-2019-14235	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-674	7.5
2019-08-02	CVE-2019-14233	Resource Exhaustion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-400	7.5
2019-08-02	CVE-2019-14232	Resource Exhaustion vulnerability in multiple products An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. network low complexity djangoproject opensuse CWE-400	7.5
2019-02-11	CVE-2019-6975	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. network low complexity djangoproject canonical fedoraproject CWE-770	7.5
2016-12-09	CVE-2016-9014	Permissions, Privileges, and Access Controls vulnerability in multiple products Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. network high complexity fedoraproject canonical djangoproject CWE-264	8.1
2015-07-14	CVE-2015-5145	Resource Management Errors vulnerability in Djangoproject Django 1.8.0/1.8.1/1.8.2 validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. network low complexity djangoproject CWE-399	7.8
2015-07-14	CVE-2015-5143	Resource Management Errors vulnerability in multiple products The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. network low complexity djangoproject debian oracle canonical CWE-399	7.8