pkg:Debian/python-django

All known vulnerabilities

• CRITICAL9.8CVE-2026-4277Privilege abuse in GenericInlineModelAdmin
  from 0
• CRITICAL9.8CVE-2024-53908Django SQL injection in HasKey(lhs, rhs) on Oracle
  from 0, < 3:4.2.17-1
• CRITICAL9.8CVE-2023-31047python-django - security update
  from 0, < 1:1.11.29-1+deb10u8
• CRITICAL9.8CVE-2023-31047python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• CRITICAL9.8CVE-2022-34265Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8CVE-2014-0474Django Vulnerable to MySQL Injection
  from 0, < 1.6.3-1
• CRITICAL9.8CVE-2014-0472python-django - security update
  from 0, < 1.6.3-1
• CRITICAL9.8CVE-2014-0472python-django - security update
  from 0, < 1.2.3-3+squeeze10
• CRITICAL9.8CVE-2016-9013python-django - security update
  from 0, < 1.7.11-1+deb8u2
• CRITICAL9.8CVE-2016-9013python-django - security update
  from 0, < 1:1.10.3-1
• CRITICAL9.8CVE-2022-28347SQL Injection in Django
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8CVE-2022-28346python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• CRITICAL9.8CVE-2022-28346python-django - security update
  from 0, < 1:1.10.7-2+deb9u16
• CRITICAL9.8CVE-2020-7471python-django - security update
  from 0, < 2:2.2.10-1
• CRITICAL9.8CVE-2020-7471python-django - security update
  from 0, < 1:1.10.7-2+deb9u8
• CRITICAL9.8CVE-2019-19844python-django - security update
  from 0, < 2:2.2.9-1
• CRITICAL9.8CVE-2019-19844python-django - security update
  from 0, < 1.7.11-1+deb8u8
• CRITICAL9.8CVE-2019-19844python-django - security update
  from 0, < 1:1.10.7-2+deb9u7
• CRITICAL9.8CVE-2019-14234SQL Injection in Django
  from 0, < 2:2.2.4-1
• CRITICAL9.1CVE-2025-64459Potential SQL injection via _connector keyword argument in QuerySet and Q objects
  from 0, < 2:2.2.28-1~deb11u10
• CRITICAL9.1CVE-2025-64459Potential SQL injection via _connector keyword argument in QuerySet and Q objects
  from 0, < 2:2.2.28-1~deb11u10
• CRITICAL9.1CVE-2024-42005Django SQL injection vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• HIGH8.8CVE-2022-36359Django vulnerable to Reflected File Download attack
  from 0, < 2:2.2.28-1~deb11u1
• HIGH8.8CVE-2020-9402SQL injection in Django
  from 0, < 1:1.10.7-2+deb9u17
• HIGH8.8CVE-2020-9402SQL injection in Django
  from 0, < 2:2.2.11-1
• HIGH8.6CVE-2013-4315python-django - directory traversal
  from 0, < 1.2.3-3+squeeze7
• HIGH8.6CVE-2013-4315python-django - directory traversal
  from 0, < 1.5.3-1
• HIGH8.1CVE-2016-9014python-django - security update
  from 0, < 1.4.22-1+deb7u2
• HIGH8.1CVE-2016-9014python-django - security update
  from 0, < 1:1.10.3-1
• HIGH7.5CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation
  from 0
• HIGH7.5CVE-2026-33034Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
  from 0
• HIGH7.5CVE-2026-1285Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  from 0, < 2:2.2.28-1~deb11u12
• HIGH7.5CVE-2025-14550Potential denial-of-service vulnerability via repeated headers when using ASGI
  from 0, < 3:3.2.25-0+deb12u2
• HIGH7.5CVE-2025-64460Potential denial-of-service vulnerability in XML serializer text extraction
  from 0, < 2:2.2.28-1~deb11u10
• HIGH7.5CVE-2025-64458Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
  from 0
• HIGH7.5CVE-2024-53907Django denial-of-service in django.utils.html.strip_tags()
  from 0, < 2:2.2.28-1~deb11u3
• HIGH7.5CVE-2024-53907Django denial-of-service in django.utils.html.strip_tags()
  from 0, < 2:2.2.28-1~deb11u3
• HIGH7.5CVE-2024-39330Django Path Traversal vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• HIGH7.5CVE-2024-39614Django vulnerable to Denial of Service
  from 0, < 2:2.2.28-1~deb11u11
• HIGH7.5CVE-2024-38875Django vulnerable to Denial of Service
  from 0
• HIGH7.5CVE-2023-36053python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5CVE-2023-36053python-django - security update
  from 0, < 1:1.11.29-1+deb10u9
• HIGH7.5CVE-2023-36053python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5CVE-2023-24580python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5CVE-2023-24580python-django - security update
  from 0, < 1:1.11.29-1+deb10u7
• HIGH7.5CVE-2023-23969python-django - security update
  from 0, < 1:1.11.29-1+deb10u6
• HIGH7.5CVE-2023-23969python-django - security update
  from 0, < 2:2.2.28-1~deb11u2
• HIGH7.5CVE-2022-41323Django denial-of-service vulnerability in internationalized URLs
  from 0, < 2:2.2.28-1~deb11u1
• HIGH7.5CVE-2012-3443Django Image Field Vulnerable to Image Decompression Bombs
  from 0, < 1.4.1-1
• HIGH7.5CVE-2012-3444Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
  from 0, < 1.4.1-1
• HIGH7.5CVE-2012-4520python-django - several vulnerabilities
  from 0, < 1.4.2-1
• HIGH7.5CVE-2012-4520python-django - several vulnerabilities
  from 0, < 1.2.3-3+squeeze5
• HIGH7.5CVE-2013-1443python-django - denial of service
  from 0, < 1.2.3-3+squeeze8
• HIGH7.5CVE-2013-1443python-django - denial of service
  from 0, < 1.5.4-1
• HIGH7.5CVE-2015-0222Django database denial-of-service with ModelMultipleChoiceField
  from 0, < 1.7.1-1.1
• HIGH7.5CVE-2015-0221Django DoS in django.views.static.serve
  from 0, < 1.7.1-1.1
• HIGH7.5CVE-2015-5964Denial-of-service possibility in logout() view by filling session store
  from 0, < 1.7.10-1
• HIGH7.5CVE-2014-0473Django Reuses Cached CSRF Token
  from 0, < 1.6.3-1
• HIGH7.5CVE-2015-5144Django Vulnerable to HTTP Response Splitting Attack
  from 0, < 1.7.9-1
• HIGH7.5CVE-2015-5963python-django - security update
  from 0, < 1.2.3-3+squeeze14
• HIGH7.5CVE-2015-5963python-django - security update
  from 0, < 1.7.10-1
• HIGH7.5CVE-2015-5963python-django - security update
  from 0, < 1.4.5-1+deb7u13
• HIGH7.5CVE-2016-7401python-django - security update
  from 0, < 1.4.22-1+deb7u1
• HIGH7.5CVE-2016-7401python-django - security update
  from 0, < 1.7.11-1+deb8u1
• HIGH7.5CVE-2016-7401python-django - security update
  from 0, < 1:1.10-1
• HIGH7.5CVE-2011-4139Django Vulnerable to Cache Poisoning
  from 0, < 1.3.1-1
• HIGH7.5CVE-2011-4138Django Might Allow CSRF Requests via URL Verification
  from 0, < 1.3.1-1
• HIGH7.5CVE-2014-3730Django Allows Open Redirects
  from 0, < 1.6.5-1
• HIGH7.5CVE-2014-0480python-django - security update
  from 0, < 1.2.3-3+squeeze11
• HIGH7.5CVE-2014-0480python-django - security update
  from 0, < 1.6.6-1
• HIGH7.5CVE-2014-0480python-django - security update
  from 0, < 1.4.5-1+deb7u8
• HIGH7.5CVE-2015-2316Django Denial-of-service possibility with strip_tags
  from 0, < 1.7.7-1
• HIGH7.5CVE-2014-0481Django denial of service via file upload naming
  from 0, < 1.6.6-1
• HIGH7.5CVE-2009-3695python-django - denial of service
  from 0, < 1.0.2-1+lenny2
• HIGH7.5CVE-2009-3695python-django - denial of service
  from 0, < 1.1.1-1
• HIGH7.5CVE-2009-2659Django Admin Media Handler Vulnerable to Directory Traversal
  from 0, < 1.1-1
• HIGH7.5CVE-2008-3909Django cross-site request forgery (CSRF) vulnerability
  from 0, < 1.0-1
• HIGH7.5CVE-2022-23833Infinite Loop in Django
  from 0, < 2:2.2.28-1~deb11u1
• HIGH7.5CVE-2021-45116Information disclosure in Django
  from 0, < 2:2.2.26-1~deb11u1
• HIGH7.5CVE-2021-45115python-django - security update
  from 0, < 1:1.11.29-1+deb10u3
• HIGH7.5CVE-2021-45115python-django - security update
  from 0, < 2:2.2.26-1~deb11u1
• HIGH7.5CVE-2021-33571Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
  from 0, < 2:2.2.24-1
• HIGH7.5CVE-2021-31542python-django - security update
  from 0, < 1:1.10.7-2+deb9u13
• HIGH7.5CVE-2021-31542python-django - security update
  from 0, < 2:2.2.21-1
• HIGH7.5CVE-2020-24583python-django - security update
  from 0, < 1:1.11.29-1+deb10u2
• HIGH7.5CVE-2020-24583python-django - security update
  from 0, < 2:2.2.16-1
• HIGH7.5CVE-2020-24584Django Incorrect Default Permissions
  from 0, < 2:2.2.16-1
• HIGH7.5CVE-2019-14233Django Denial-of-service in strip_tags()
  from 0, < 2:2.2.4-1
• HIGH7.5CVE-2019-14235Uncontrolled Recursion in Django
  from 0, < 2:2.2.4-1
• HIGH7.5CVE-2019-14232python-django - security update
  from 0, < 3:3.2.25-0+deb12u1
• HIGH7.5CVE-2019-14232python-django - security update
  from 0, < 1:1.10.7-2+deb9u6
• HIGH7.5CVE-2019-14232python-django - security update
  from 0, < 1.7.11-1+deb8u7
• HIGH7.5CVE-2019-14232python-django - security update
  from 0, < 2:2.2.4-1
• HIGH7.5CVE-2015-5143python-django - security update
  from 0, < 1.7.9-1
• HIGH7.5CVE-2015-5143python-django - security update
  from 0, < 1.4.5-1+deb7u12
• HIGH7.5CVE-2019-6975Uncontrolled Memory Consumption in Django
  from 0, < 1:1.11.20-1
• HIGH7.5CVE-2018-6188Django vulnerable to information leakage in AuthenticationForm
  from 0, < 1:1.11.10-1
• HIGH7.5CVE-2010-4535Improper date handling in Django
  from 0, < 1.2.4-1
• HIGH7.5CVE-2011-4137Denial of service in django
  from 0, < 1.3.1-1
• HIGH7.5CVE-2011-4140Django Cross-Site Request Forgery vulnerability
  from 0, < 1.3.1-1
• HIGH7.5CVE-2011-0696Cross-site request forgery in Django
  from 0, < 1.2.3-3+squeeze1
• HIGH7.5CVE-2011-0696Cross-site request forgery in Django
  from 0, < 1.2.5-1
• HIGH7.4CVE-2014-1418Django Vulnerable to Cache Poisoning
  from 0, < 1.6.5-1
• HIGH7.4CVE-2016-2512python-django - security update
  from 0, < 1.4.5-1+deb7u16
• HIGH7.4CVE-2016-2512python-django - security update
  from 0, < 1.9.4-1
• HIGH7.3CVE-2021-44420Potential bypass of an upstream access control based on URL paths in Django
  from 0, < 2:2.2.25-1~deb11u1
• HIGH7.1CVE-2025-59681python-django - security update
  from 0, < 2:2.2.28-1~deb11u9
• HIGH7.1CVE-2025-59681python-django - security update
  from 0, < 2:2.2.28-1~deb11u9
• HIGH7.1CVE-2025-57833python-django - security update
  from 0, < 2:2.2.28-1~deb11u8
• HIGH7.1CVE-2025-57833python-django - security update
  from 0, < 2:2.2.28-1~deb11u8
• MEDIUM6.5CVE-2026-35192Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
  from 0
• MEDIUM6.5CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
  from 0
• MEDIUM6.5CVE-2014-0482Django Middleware Enables Session Hijacking
  from 0, < 1.6.6-1
• MEDIUM6.5CVE-2019-19118Django allows unintended model editing
  from 0, < 2:2.2.8-1
• MEDIUM6.5CVE-2019-3498python-django - security update
  from 0, < 1:1.11.18-1
• MEDIUM6.5CVE-2019-3498python-django - security update
  from 0, < 1:1.10.7-2+deb9u4
• MEDIUM6.5CVE-2019-3498python-django - security update
  from 0, < 1.7.11-1+deb8u4
• MEDIUM6.5CVE-2010-4534Improper query string handling in Django
  from 0, < 1.2.4-1
• MEDIUM6.1CVE-2012-3442python-django - several
  from 0, < 1.4.1-1
• MEDIUM6.1CVE-2012-3442python-django - several
  from 0, < 1.2.3-3+squeeze3
• MEDIUM6.1CVE-2015-2241Django Cross-site Scripting Vulnerability
  from 0, < 1.7.6-1
• MEDIUM6.1CVE-2015-0220Django Cross-site Scripting Vulnerability
  from 0, < 1.7.1-1.1
• MEDIUM6.1CVE-2013-4249Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
  from 0, < 1.5.2-1
• MEDIUM6.1CVE-2013-6044python-django - cross-site scripting vulnerability
  from 0, < 1.2.3-3+squeeze6
• MEDIUM6.1CVE-2013-6044python-django - cross-site scripting vulnerability
  from 0, < 1.5.2-1
• MEDIUM6.1CVE-2016-6186python-django - security update
  from 0, < 1.4.5-1+deb7u17
• MEDIUM6.1CVE-2016-6186python-django - security update
  from 0, < 1:1.9.8-1
• MEDIUM6.1CVE-2016-6186python-django - security update
  from 0, < 1.7.7-1+deb8u5
• MEDIUM6.1CVE-2015-2317python-django - security update
  from 0, < 1.7.7-1
• MEDIUM6.1CVE-2015-2317python-django - security update
  from 0, < 1.4.5-1+deb7u11
• MEDIUM6.1CVE-2015-2317python-django - security update
  from 0, < 1.2.3-3+squeeze13
• MEDIUM6.1CVE-2008-2302Django Cross-site scripting (XSS) vulnerability
  from 0, < 0.96.2-1
• MEDIUM6.1CVE-2022-22818python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• MEDIUM6.1CVE-2022-22818python-django - security update
  from 0, < 1:1.10.7-2+deb9u15
• MEDIUM6.1CVE-2022-22818python-django - security update
  from 0, < 2:2.2.28-1~deb11u1
• MEDIUM6.1CVE-2021-32052Header injection possible in Django
  from 0, < 2:2.2.22-1
• MEDIUM6.1CVE-2020-13596XSS in Django
  from 0, < 2:2.2.13-1
• MEDIUM6.1CVE-2019-12308python-django - security update
  from 0, < 1.7.11-1+deb8u5
• MEDIUM6.1CVE-2019-12308python-django - security update
  from 0, < 1:1.10.7-2+deb9u5
• MEDIUM6.1CVE-2019-12308python-django - security update
  from 0, < 1:1.11.21-1
• MEDIUM6.1CVE-2017-12794Django vulnerable to XSS on 500 pages
  from 0, < 1:1.11.5-1
• MEDIUM6.1CVE-2017-7233python-django - security update
  from 0, < 1:1.10.7-1
• MEDIUM6.1CVE-2017-7233python-django - security update
  from 0, < 1.4.22-1+deb7u3
• MEDIUM6.1CVE-2017-7234Django open redirect
  from 0, < 1:1.10.7-1
• MEDIUM6.1CVE-2018-14574python-django - security update
  from 0, < 1:1.11.15-1
• MEDIUM6.1CVE-2018-14574python-django - security update
  from 0, < 1:1.10.7-2+deb9u2
• MEDIUM6.1CVE-2011-0697Cross-site scripting in django
  from 0, < 1.2.5-1
• MEDIUM6.1CVE-2010-3082Cross-site scripting in django
  from 0, < 1.2.3-1
• MEDIUM5.9CVE-2024-24680Django denial-of-service attack in the intcomma template filter
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.9CVE-2023-43665Django Denial-of-service in django.utils.text.Truncator
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.9CVE-2007-5712python-django - cross site request forgery
  from 0, < 0.95.1-1etch2
• MEDIUM5.9CVE-2007-5712python-django - cross site request forgery
  from 0, < 0.96-1.1
• MEDIUM5.9CVE-2021-23336Web Cache Poisoning
  from 0, < 2:2.2.19-1
• MEDIUM5.9CVE-2021-23336Web Cache Poisoning
  from 0, < 1:1.10.7-2+deb9u11
• MEDIUM5.9CVE-2020-13254python-django - security update
  from 0, < 1.7.11-1+deb8u9
• MEDIUM5.9CVE-2020-13254python-django - security update
  from 0, < 2:2.2.13-1
• MEDIUM5.9CVE-2020-13254python-django - security update
  from 0, < 1:1.10.7-2+deb9u9
• MEDIUM5.8CVE-2024-56374Django has a potential denial-of-service vulnerability in IPv6 validation
  from 0, < 2:2.2.28-1~deb11u5
• MEDIUM5.8CVE-2024-56374Django has a potential denial-of-service vulnerability in IPv6 validation
  from 0, < 2:2.2.28-1~deb11u5
• MEDIUM5.5CVE-2016-2048Django Access Restrictions Bypass
  from 0, < 1.9.2-1
• MEDIUM5.4CVE-2026-1312Potential SQL injection via QuerySet.order_by and FilteredRelation
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.4CVE-2026-1287Potential SQL injection in column aliases via control characters
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.4CVE-2026-1207Potential SQL injection via raster lookups on PostGIS
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3CVE-2026-5766Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
  from 0
• MEDIUM5.3CVE-2025-13473Username enumeration through timing difference in mod_wsgi authentication handler
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3CVE-2025-13473Username enumeration through timing difference in mod_wsgi authentication handler
  from 0, < 2:2.2.28-1~deb11u12
• MEDIUM5.3CVE-2025-13473Username enumeration through timing difference in mod_wsgi authentication handler
  from 0, < 3:3.2.25-0+deb12u2
• MEDIUM5.3CVE-2025-32873Django has a denial-of-service possibility in strip_tags()
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3CVE-2024-45230Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
  from 0
• MEDIUM5.3CVE-2024-41991Django vulnerable to denial-of-service attack
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3CVE-2024-41990Django vulnerable to a denial-of-service attack
  from 0
• MEDIUM5.3CVE-2024-41989Django memory consumption vulnerability
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3CVE-2024-39329Django vulnerable to user enumeration attack
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3CVE-2024-39329Django vulnerable to user enumeration attack
  from 0, < 2:2.2.28-1~deb11u11
• MEDIUM5.3CVE-2024-27351Regular expression denial-of-service in Django
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3CVE-2023-41164python-django - security update
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3CVE-2023-41164python-django - security update
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM5.3CVE-2023-41164python-django - security update
  from 0, < 1:1.11.29-1+deb10u10
• MEDIUM5.3CVE-2015-0219python-django - security update
  from 0, < 1.4.5-1+deb7u9
• MEDIUM5.3CVE-2015-0219python-django - security update
  from 0, < 1.7.1-1.1
• MEDIUM5.3CVE-2015-0219python-django - security update
  from 0, < 1.2.3-3+squeeze12
• MEDIUM5.3CVE-2014-0483Django data leakage via querystring manipulation in admin
  from 0, < 1.6.6-1
• MEDIUM5.3CVE-2013-0306Django is vulnerable to Denial of Service attack in formset
  from 0, < 1.4.4-1
• MEDIUM5.3CVE-2021-45452python-django - security update
  from 0, < 2:2.2.26-1~deb11u1
• MEDIUM5.3CVE-2021-45452python-django - security update
  from 0, < 1:1.11.29-1+deb10u4
• MEDIUM5.3CVE-2021-28658python-django - security update
  from 0, < 2:2.2.20-1
• MEDIUM5.3CVE-2021-28658python-django - security update
  from 0, < 1:1.10.7-2+deb9u12
• MEDIUM5.3CVE-2021-28658python-django - security update
  from 0, < 1:1.11.29-1+deb10u11
• MEDIUM5.3CVE-2021-3281python-django - security update
  from 0, < 1:1.10.7-2+deb9u10
• MEDIUM5.3CVE-2021-3281python-django - security update
  from 0, < 2:2.2.18-1
• MEDIUM5.3CVE-2019-12781python-django - security update
  from 0, < 1.7.11-1+deb8u6
• MEDIUM5.3CVE-2019-12781python-django - security update
  from 0, < 1:1.11.22-1
• MEDIUM5.3CVE-2018-7536python-django - security update
  from 0, < 1:1.11.11-1
• MEDIUM5.3CVE-2018-7536python-django - security update
  from 0, < 1.7.11-1+deb8u3
• MEDIUM5.3CVE-2018-7536python-django - security update
  from 0, < 1.4.22-1+deb7u4
• MEDIUM5.3CVE-2018-7537Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
  from 0, < 1:1.11.11-1
• MEDIUM5.0CVE-2025-26699Django vulnerable to Allocation of Resources Without Limits or Throttling
  from 0, < 2:2.2.28-1~deb11u6
• MEDIUM5.0CVE-2025-26699Django vulnerable to Allocation of Resources Without Limits or Throttling
  from 0, < 2:2.2.28-1~deb11u6
• MEDIUM4.9CVE-2021-33203python-django - security update
  from 0, < 1:1.10.7-2+deb9u14
• MEDIUM4.9CVE-2021-33203python-django - security update
  from 0, < 2:2.2.24-1
• MEDIUM4.3CVE-2026-6907Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
  from 0
• MEDIUM4.3CVE-2025-13372Potential SQL injection in FilteredRelation column aliases on PostgreSQL
  from 0, < 3:4.2.27-0+deb13u1
• MEDIUM4.3CVE-2025-13372Potential SQL injection in FilteredRelation column aliases on PostgreSQL
  from 0, < 3:3.2.25-0+deb12u1
• MEDIUM4.3CVE-2013-0305Django Data leakage via admin history log
  from 0, < 1.4.4-1
• MEDIUM4.0CVE-2025-48432Django Improper Output Neutralization for Logs vulnerability
  from 0, < 2:2.2.28-1~deb11u7
• MEDIUM4.0CVE-2011-4136python-django - several issues
  from 0, < 1.3.1-1
• MEDIUM4.0CVE-2011-4136python-django - several issues
  from 0, < 1.2.3-3+squeeze2
• LOW3.7CVE-2026-25674Django has a Race Condition vulnerability
  from 0
• LOW3.7CVE-2024-45231Django allows enumeration of user e-mail addresses
  from 0, < 2:2.2.28-1~deb11u11
• LOW3.1CVE-2025-59682Django vulnerable to partial directory traversal via archives
  from 0, < 2:2.2.28-1~deb11u9
• LOW3.1CVE-2016-2513Django User Enumeration Vulnerability
  from 0, < 1.9.4-1
• LOW2.8CVE-2015-8213python-django - security update
  from 0, < 1.8.7-1
• LOW2.8CVE-2015-8213python-django - security update
  from 0, < 1.4.5-1+deb7u14
• LOW2.8CVE-2015-8213python-django - security update
  from 0, < 1.2.3-3+squeeze15
• LOW2.7CVE-2026-4292Privilege abuse in ModelAdmin.list_editable
  from 0
• —CVE-2013-1665XML External Entity (XXE) in Django
  from 0, < 1.4.4-1
• —CVE-2007-0404Django Arbitrary Code Execution
  from 0, < 0.95.1-1
• —CVE-2007-0405Django Improper Access Control
  from 0, < 0.95.1-1
• —CVE-2007-5828Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary…
  from 0, < 1.2.1