Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-08	CVE-2024-45231	Unspecified vulnerability in Djangoproject Django An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. network low complexity djangoproject	5.3
2022-02-03	CVE-2022-22818	Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. network low complexity djangoproject fedoraproject debian CWE-79	6.1
2022-01-05	CVE-2021-45452	Path Traversal vulnerability in multiple products Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. network low complexity djangoproject fedoraproject CWE-22	5.3
2021-06-08	CVE-2021-33203	Path Traversal vulnerability in multiple products Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. network low complexity djangoproject fedoraproject CWE-22	4.9
2021-05-06	CVE-2021-32052	Cross-site Scripting vulnerability in multiple products In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). network low complexity djangoproject fedoraproject CWE-79	6.1
2021-04-06	CVE-2021-28658	Path Traversal vulnerability in multiple products In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. network low complexity djangoproject debian fedoraproject CWE-22	5.3
2021-02-22	CVE-2020-35681	Information Exposure vulnerability in Djangoproject Channels 3.0.0/3.0.1/3.0.2 Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. network djangoproject CWE-200	5.8
2021-02-15	CVE-2021-23336	HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. network high complexity python fedoraproject debian netapp djangoproject oracle CWE-444	5.9
2021-02-02	CVE-2021-3281	Path Traversal vulnerability in multiple products In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. network low complexity djangoproject fedoraproject netapp CWE-22	5.3
2020-06-03	CVE-2020-13596	Cross-site Scripting vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network low complexity djangoproject fedoraproject canonical netapp debian oracle CWE-79	6.1