Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC

Релизный цикл, информация об уязвимостях

Продукт: Django

Вендор: djangoproject

График релизов

Недавние уязвимости Django

Количество 673

GHSA-jh75-99hh-qvx9

11 месяцев назад

Django memory consumption vulnerability

CVSS3: 5.3

EPSS: Низкий

GHSA-pv4p-cwwg-4rph

11 месяцев назад

Django SQL injection vulnerability

CVSS3: 9.1

EPSS: Низкий

GHSA-795c-9xpc-xw6g

11 месяцев назад

Django vulnerable to a denial-of-service attack

CVSS3: 5.3

EPSS: Низкий

GHSA-r836-hh6v-rg5g

11 месяцев назад

Django vulnerable to denial-of-service attack

CVSS3: 5.3

EPSS: Низкий

CVE-2024-42005

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...

CVSS3: 7.3

EPSS: Низкий

CVE-2024-42005

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

CVSS3: 7.3

EPSS: Низкий

CVE-2024-41991

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-41991

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-41990

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-41990

11 месяцев назад

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-jh75-99hh-qvx9 Django memory consumption vulnerability	CVSS3: 5.3	0% Низкий	11 месяцев назад
GHSA-pv4p-cwwg-4rph Django SQL injection vulnerability	CVSS3: 9.1	0% Низкий	11 месяцев назад
GHSA-795c-9xpc-xw6g Django vulnerable to a denial-of-service attack	CVSS3: 5.3	0% Низкий	11 месяцев назад
GHSA-r836-hh6v-rg5g Django vulnerable to denial-of-service attack	CVSS3: 5.3	0% Низкий	11 месяцев назад
CVE-2024-42005 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...	CVSS3: 7.3	0% Низкий	11 месяцев назад
CVE-2024-42005 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.	CVSS3: 7.3	0% Низкий	11 месяцев назад
CVE-2024-41991 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...	CVSS3: 7.5	0% Низкий	11 месяцев назад
CVE-2024-41991 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.	CVSS3: 7.5	0% Низкий	11 месяцев назад
CVE-2024-41990 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...	CVSS3: 7.5	0% Низкий	11 месяцев назад
CVE-2024-41990 An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.	CVSS3: 7.5	0% Низкий	11 месяцев назад

Уязвимостей на страницу