Django is a free web application framework written in Python that uses the MVC design pattern.
Release cycle, vulnerability information
Release schedule
Count: 775
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-6426-9fv3-65x8 Django has an SQL Injection issue | | 0% Low | 4 days ago |
| GHSA-gvg8-93h5-g6qq Django has an SQL Injection issue | | 0% Low | 4 days ago |
| GHSA-4rrr-2h4v-f3j9 Django has Inefficient Algorithmic Complexity | | 0% Low | 4 days ago |
| GHSA-33mw-q7rj-mjwj Django has Inefficient Algorithmic Complexity | | 0% Low | 4 days ago |
| GHSA-2mcm-79hx-8fxw Django has Observable Timing Discrepancy | | 0% Low | 4 days ago |
| GHSA-mwm9-4648-f68q Django has an SQL Injection issue | | 0% Low | 4 days ago |
| CVE-2026-1312 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue. | CVSS3: 5.4 | 0% Low | 4 days ago |
| CVE-2026-1287 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue. | CVSS3: 5.4 | 0% Low | 4 days ago |