pkg:Bitnami/django

74 total CVEs: CRITICAL 10, HIGH 28, MEDIUM 32, LOW 4

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin
    >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4
  • CRITICAL 9.8 CVE-2024-53908: Django SQL injection in HasKey(lhs, rhs) on Oracle
    >= 4.2.0, < 4.2.17, >= 5.0.0, < 5.1.4
  • CRITICAL 9.8 CVE-2023-31047: python-django - security update
    >= 3.2.0, < 3.2.19, >= 4.0.0, < 4.1.9 | >= 4.2.0, <= 4.2.0
  • CRITICAL 9.8 CVE-2022-34265: Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
    >= 3.2.0, < 3.2.14, >= 4.0.0, < 4.0.6
  • CRITICAL 9.8 CVE-2022-28347: SQL Injection in Django
    >= 2.2.0, < 2.2.28, >= 3.2.0, < 3.2.13, >= 4.0.0, < 4.0.4
  • CRITICAL 9.8 CVE-2022-28346: python-django - security update
    >= 2.2.0, < 2.2.28, >= 3.2.0, < 3.2.13, >= 4.0.0, < 4.0.4
  • CRITICAL 9.8 CVE-2021-35042: SQL Injection in Django
    >= 3.1.0, < 3.1.13, >= 3.2.0, < 3.2.5
  • CRITICAL 9.8 CVE-2020-7471: python-django - security update
    >= 1.11.0, < 1.11.28, >= 2.2.0, < 2.2.10, >= 3.0.0, < 3.0.3
  • CRITICAL 9.1 CVE-2025-64459: Potential SQL injection via _connector keyword argument in QuerySet and Q objects
    >= 4.2.0, < 4.2.26, >= 5.1.0, < 5.1.14, >= 5.2.0, < 5.2.8
  • CRITICAL 9.1 CVE-2024-42005: Django SQL injection vulnerability
    >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8
  • HIGH 8.8 CVE-2022-36359: Django vulnerable to Reflected File Download attack
    >= 3.2.0, < 3.2.15, >= 4.0.0, < 4.0.7
  • HIGH 8.8 CVE-2020-9402: SQL injection in Django
    >= 1.11.0, < 1.11.29, >= 2.2.0, < 2.2.11, >= 3.0.0, < 3.0.4
  • HIGH 7.5 CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation
    >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4
  • HIGH 7.5 CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
    >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4
  • HIGH 7.5 CVE-2026-25673: Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows
    >= 4.2.0, < 4.2.29, >= 5.2.0, < 5.2.12, >= 6.0.0, < 6.0.3
  • HIGH 7.5 CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • HIGH 7.5 CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • HIGH 7.5 CVE-2025-64460: Potential denial-of-service vulnerability in XML serializer text extraction
    >= 4.2.0, < 4.2.27, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.9
  • HIGH 7.5 CVE-2025-64458: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
    >= 4.2.0, < 4.2.26, >= 5.1.0, < 5.1.14, >= 5.2.0, < 5.2.8
  • HIGH 7.5 CVE-2024-53907: Django denial-of-service in django.utils.html.strip_tags()
    >= 4.2.0, < 4.2.17, >= 5.0.0, < 5.1.4
  • HIGH 7.5 CVE-2024-39330: Django Path Traversal vulnerability
    >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7
  • HIGH 7.5 CVE-2024-39614: Django vulnerable to Denial of Service
    >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7
  • HIGH 7.5 CVE-2024-38875: Django vulnerable to Denial of Service
    >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7
  • HIGH 7.5 CVE-2023-46695: Django potential denial of service vulnerability in UsernameField on Windows
    >= 3.2.0, < 3.2.23, >= 4.1.0, < 4.1.13, >= 4.2.0, < 4.2.7
  • HIGH 7.5 CVE-2023-36053: python-django - security update
    >= 3.2.0, < 3.2.20, >= 4.0.0, < 4.1.10, >= 4.2.0, < 4.2.3
  • HIGH 7.5 CVE-2023-24580: python-django - security update
    >= 3.2.0, < 3.2.18, >= 4.0.0, < 4.0.10, >= 4.1.0, < 4.1.7
  • HIGH 7.5 CVE-2023-23969: python-django - security update
    >= 3.2.0, < 3.2.17, >= 4.0.0, < 4.0.9, >= 4.1.0, < 4.1.6
  • HIGH 7.5 CVE-2022-41323: Django denial-of-service vulnerability in internationalized URLs
    >= 3.2.0, < 3.2.16, >= 4.0.0, < 4.0.8, >= 4.1.0, < 4.1.2
  • HIGH 7.5 CVE-2022-23833: Infinite Loop in Django
    >= 2.2.0, < 2.2.27, >= 3.2.0, < 3.2.12, >= 4.0.0, < 4.0.2
  • HIGH 7.5 CVE-2021-45116: Information disclosure in Django
    >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1
  • HIGH 7.5 CVE-2021-45115: python-django - security update
    >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1
  • HIGH 7.5 CVE-2021-33571: Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
    >= 2.2.0, < 2.2.24, >= 3.0.0, < 3.1.12, >= 3.2.0, < 3.2.4
  • HIGH 7.5 CVE-2021-31542: python-django - security update
    >= 2.2.0, < 2.2.21, >= 3.1.0, < 3.1.9, >= 3.2.0, < 3.2.1
  • HIGH 7.5 CVE-2020-24583: python-django - security update
    >= 2.2.0, < 2.2.16, >= 3.0.0, < 3.0.10, >= 3.1.0, < 3.1.1
  • HIGH 7.5 CVE-2020-24584: Django Incorrect Default Permissions
    >= 2.2.0, < 2.2.16, >= 3.0.0, < 3.0.10, >= 3.1.0, < 3.1.1
  • HIGH 7.3 CVE-2021-44420: Potential bypass of an upstream access control based on URL paths in Django
    >= 2.2.0, < 2.2.25, >= 3.1.0, < 3.1.14, >= 3.2.0, < 3.2.10
  • HIGH 7.1 CVE-2025-59681: python-django - security update
    >= 4.2.0, < 4.2.25, >= 5.1.0, < 5.1.13, >= 5.2.0, < 5.2.7
  • HIGH 7.1 CVE-2025-57833: python-django - security update
    >= 4.2.0, < 4.2.24, >= 5.1.0, < 5.1.12, >= 5.2.0, < 5.2.6
  • MEDIUM 6.5 CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
    >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5
  • MEDIUM 6.5 CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
    >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4
  • MEDIUM 6.1 CVE-2022-22818: python-django - security update
    >= 2.2.0, < 2.2.27, >= 3.2.0, < 3.2.12, >= 4.0.0, < 4.0.2
  • MEDIUM 6.1 CVE-2021-32052: Header injection possible in Django
    >= 2.2.0, < 2.2.22, >= 3.1.0, < 3.1.10, >= 3.2.0, < 3.2.2
  • MEDIUM 6.1 CVE-2020-13596: XSS in Django
    >= 2.2.0, < 2.2.13, >= 3.0.0, < 3.0.7
  • MEDIUM 5.9 CVE-2024-24680: Django denial-of-service attack in the intcomma template filter
    >= 3.2.0, < 3.2.24, >= 4.2.0, < 4.2.10, >= 5.0.0, < 5.0.2
  • MEDIUM 5.9 CVE-2023-43665: Django Denial-of-service in django.utils.text.Truncator
    >= 3.2.0, < 3.2.22, >= 4.1.0, < 4.1.12, >= 4.2.0, < 4.2.6
  • MEDIUM 5.9 CVE-2021-23336: Web Cache Poisoning
    >= 2.2.0, < 2.2.19, >= 3.0.0, < 3.0.13, >= 3.1.0, < 3.1.7
  • MEDIUM 5.9 CVE-2020-13254: python-django - security update
    >= 2.2.0, < 2.2.13, >= 3.0.0, < 3.0.7
  • MEDIUM 5.8 CVE-2025-27556: Django Potential Denial of Service (DoS) on Windows
    >= 5.0.0, < 5.0.14, >= 5.1.0, < 5.1.8
  • MEDIUM 5.8 CVE-2024-56374: Django has a potential denial-of-service vulnerability in IPv6 validation
    >= 4.2.0, < 5.1.5
  • MEDIUM 5.4 CVE-2026-1287: Potential SQL injection in column aliases via control characters
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • MEDIUM 5.4 CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • MEDIUM 5.4 CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • MEDIUM 5.3 CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
    >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5
  • MEDIUM 5.3 CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
    >= 4.2.0, < 4.2.28, >= 5.2.0, < 5.2.11, >= 6.0.0, < 6.0.2
  • MEDIUM 5.3 CVE-2025-32873: Django has a denial-of-service possibility in strip_tags()
    >= 4.2.0, < 4.2.21, >= 5.1.0, < 5.1.9, >= 5.2.0, < 5.2.5
  • MEDIUM 5.3 CVE-2024-45230: Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
    >= 4.2.0, < 4.2.16, >= 5.0.0, < 5.0.9, >= 5.1.0, < 5.2.5
  • MEDIUM 5.3 CVE-2024-41991: Django vulnerable to denial-of-service attack
    >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8
  • MEDIUM 5.3 CVE-2024-41990: Django vulnerable to a denial-of-service attack
    >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8
  • MEDIUM 5.3 CVE-2024-41989: Django memory consumption vulnerability
    >= 4.2.0, < 4.2.15, >= 5.0.0, < 5.0.8
  • MEDIUM 5.3 CVE-2024-39329: Django vulnerable to user enumeration attack
    >= 4.2.0, < 4.2.14, >= 5.0.0, < 5.0.7
  • MEDIUM 5.3 CVE-2024-27351: Regular expression denial-of-service in Django
    >= 3.2.0, < 3.2.25, >= 4.2.0, < 4.2.11, >= 5.0.0, < 5.0.3
  • MEDIUM 5.3 CVE-2023-41164: python-django - security update
    >= 3.2.0, < 3.2.21, >= 4.1.0, < 4.1.11, >= 4.2.0, < 4.2.5
  • MEDIUM 5.3 CVE-2021-45452: python-django - security update
    >= 2.2.0, < 2.2.26, >= 3.2.0, < 3.2.11, >= 4.0.0, < 4.0.1
  • MEDIUM 5.3 CVE-2021-28658: python-django - security update
    >= 2.2.0, < 2.2.20, >= 3.0.0, < 3.0.14, >= 3.1.0, < 3.1.8
  • MEDIUM 5.3 CVE-2021-3281: python-django - security update
    >= 2.2.0, < 2.2.18, >= 3.0.0, < 3.0.12, >= 3.1.0, < 3.1.6
  • MEDIUM 5.0 CVE-2025-26699: Django vulnerable to Allocation of Resources Without Limits or Throttling
    >= 4.2.0, < 5.1.7
  • MEDIUM 4.9 CVE-2021-33203: python-django - security update
    from 0, < 2.2.24, >= 3.0.0, < 3.1.12, >= 3.2.0, < 3.2.4
  • MEDIUM 4.3 CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
    >= 5.2.0, < 5.2.14, >= 6.0.0, < 6.0.5
  • MEDIUM 4.3 CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL
    >= 4.2.0, < 4.2.27, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.9
  • MEDIUM 4.0 CVE-2025-48432: Django Improper Output Neutralization for Logs vulnerability
    >= 4.2.0, < 4.2.23, >= 5.1.0, < 5.1.11, >= 5.2.0, < 5.2.3
  • LOW 3.7 CVE-2026-25674: Django has a Race Condition vulnerability
    >= 4.2.0, < 4.2.29, >= 5.2.0, < 5.2.12, >= 6.0.0, < 6.0.3
  • LOW 3.7 CVE-2024-45231: Django allows enumeration of user e-mail addresses
    >= 4.2.0, < 4.2.16, >= 5.0.0, < 5.0.9, >= 5.1.0, < 5.2.5
  • LOW 3.1 CVE-2025-59682: Django vulnerable to partial directory traversal via archives
    >= 4.2.0, < 4.2.25, >= 5.1.0, < 5.1.13, >= 5.2.0, < 5.2.7
  • LOW 2.7 CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable
    >= 4.2.0, < 4.2.30, >= 5.2.0, < 5.2.13, >= 6.0.0, < 6.0.4