| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33034 | Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass | djangoproject | Django | - | - | 2026-04-07 14:23:00 | Deep Dive |
| CVE-2026-33033 | Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload | djangoproject | Django | - | - | 2026-04-07 14:22:49 | Deep Dive |
| CVE-2026-4292 | Privilege abuse in ModelAdmin.list_editable | djangoproject | Django | - | - | 2026-04-07 14:22:38 | Deep Dive |
| CVE-2026-4277 | Privilege abuse in GenericInlineModelAdmin | djangoproject | Django | - | - | 2026-04-07 14:22:26 | Deep Dive |
| CVE-2026-3902 | ASGI header spoofing via underscore/hyphen conflation | djangoproject | Django | - | - | 2026-04-07 14:22:07 | Deep Dive |
| CVE-2026-25674 | Potential incorrect permissions on newly created file system objects | djangoproject | Django | 低危 | - | 2026-03-03 14:28:38 | Deep Dive |
| CVE-2026-25673 | Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows | djangoproject | Django | - | - | 2026-03-03 14:28:29 | Deep Dive |
| CVE-2025-14550 | Potential denial-of-service vulnerability via repeated headers when using ASGI | djangoproject | Django | 高危 | - | 2026-02-03 14:38:16 | Deep Dive |
| CVE-2026-1312 | Potential SQL injection via QuerySet.order_by and FilteredRelation | djangoproject | Django | 高危 | - | 2026-02-03 14:36:23 | Deep Dive |
| CVE-2026-1287 | Potential SQL injection in column aliases via control characters | djangoproject | Django | 高危 | - | 2026-02-03 14:36:04 | Deep Dive |
| CVE-2026-1285 | Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods | djangoproject | Django | 高危 | - | 2026-02-03 14:35:50 | Deep Dive |
| CVE-2026-1207 | Potential SQL injection via raster lookups on PostGIS | djangoproject | Django | 高危 | - | 2026-02-03 14:35:34 | Deep Dive |
| CVE-2025-13473 | Username enumeration through timing difference in mod_wsgi authentication handler | djangoproject | Django | 中危 | - | 2026-02-03 14:32:26 | Deep Dive |
| CVE-2025-64460 | Potential denial-of-service vulnerability in XML serializer text extraction | djangoproject | Django | - | - | 2025-12-02 15:15:34 | Deep Dive |
| CVE-2025-13372 | Potential SQL injection in FilteredRelation column aliases on PostgreSQL | djangoproject | Django | - | - | 2025-12-02 15:13:36 | Deep Dive |
| CVE-2025-64459 | Potential SQL injection via _connector keyword argument in QuerySet and Q objects | djangoproject | Django | 高危 | - | 2025-11-05 15:09:58 | Deep Dive |
| CVE-2025-64458 | Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows | djangoproject | Django | 中危 | - | 2025-11-05 15:07:17 | Deep Dive |
| CVE-2025-59682 | Django 安全漏洞 | djangoproject | Django | Low | 3.1 | 2025-10-01 00:00:00 | Deep Dive |
| CVE-2025-59681 | Django SQL注入漏洞 | djangoproject | Django | High | 7.1 | 2025-10-01 00:00:00 | Deep Dive |
| CVE-2025-57833 | Django SQL注入漏洞 | djangoproject | Django | High | 7.1 | 2025-09-03 00:00:00 | Deep Dive |