Django — свободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC
Релизный цикл, информация об уязвимостях
График релизов
Количество 775
BDU:2025-08584
Уязвимость программной платформы для веб-приложений Django, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:0149-1
Security update for python-Django
GHSA-qcgg-j2x8-h9g8
Django has a potential denial-of-service vulnerability in IPv6 validation
CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...
CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
BDU:2025-01179
Уязвимость функций clean_ipv6_address и is_valid_ipv6_address программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
GHSA-m9g8-fxxm-xg86
Django SQL injection in HasKey(lhs, rhs) on Oracle
GHSA-8498-2h75-472j
Django denial-of-service in django.utils.html.strip_tags()
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-08584 Уязвимость программной платформы для веб-приложений Django, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5 | 2% Низкий | 11 месяцев назад |
 | SUSE-SU-2025:0149-1 Security update for python-Django | 1% Низкий | около 1 года назад | |
| GHSA-qcgg-j2x8-h9g8 Django has a potential denial-of-service vulnerability in IPv6 validation | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
 | CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
| CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ... | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
 | CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
 | CVE-2024-56374 An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
| BDU:2025-01179 Уязвимость функций clean_ipv6_address и is_valid_ipv6_address программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.8 | 1% Низкий | около 1 года назад |
| GHSA-m9g8-fxxm-xg86 Django SQL injection in HasKey(lhs, rhs) on Oracle | CVSS3: 9.8 | 1% Низкий | около 1 года назад |
| GHSA-8498-2h75-472j Django denial-of-service in django.utils.html.strip_tags() | CVSS3: 7.5 | 1% Низкий | около 1 года назад |
Уязвимостей на страницу