Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Django — Vulnerabilities & Security Advisories 25

All 25 CVE vulnerabilities found in Django, with AI-generated Chinese analysis, references, and POCs.

Vendor: djangoproject

CVE IDTitleCVSSSeverityPublished
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass CWE-770 7.5AIHighAI2026-04-07
CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload CWE-407 5.3AIMediumAI2026-04-07
CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable CWE-862 9.1AICriticalAI2026-04-07
CVE-2026-4277 Privilege abuse in GenericInlineModelAdmin CWE-862 9.8AICriticalAI2026-04-07
CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation CWE-290 5.3AIMediumAI2026-04-07
CVE-2026-25674 Potential incorrect permissions on newly created file system objects CWE-362 6.5 -2026-03-03
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows CWE-400 7.5AIHighAI2026-03-03
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI CWE-407 7.5 -2026-02-03
CVE-2026-1312 Potential SQL injection via QuerySet.order_by and FilteredRelation CWE-89 9.8 -2026-02-03
CVE-2026-1287 Potential SQL injection in column aliases via control characters CWE-89 9.8 -2026-02-03
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods CWE-407 7.5 -2026-02-03
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS CWE-89 9.8 -2026-02-03
CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler CWE-208 3.7 -2026-02-03
CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction CWE-407 7.5AIHighAI2025-12-02
CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL CWE-89 9.8AICriticalAI2025-12-02
CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects CWE-89 9.8 -2025-11-05
CVE-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows CWE-407 7.5 -2025-11-05
CVE-2025-59681 Django SQL注入漏洞 CWE-89 7.1 High2025-10-01
CVE-2025-59682 Django 安全漏洞 CWE-23 3.1 Low2025-10-01
CVE-2025-57833 Django SQL注入漏洞 CWE-89 7.1 High2025-09-03
CVE-2025-48432 Django 安全漏洞 CWE-117 4.0 Medium2025-06-05
CVE-2025-32873 Django 安全漏洞 CWE-770 5.3 Medium2025-05-08
CVE-2025-27556 Django 安全漏洞 CWE-770 5.8 Medium2025-04-02
CVE-2025-26699 Django 安全漏洞 CWE-770 5.0 Medium2025-03-06
CVE-2024-56374 Django 安全漏洞 CWE-770 5.8 Medium2025-01-14

All 25 known CVE vulnerabilities affecting Django with full Chinese analysis, references, and POCs where available.