Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

djangoproject — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting djangoproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by djangoproject:Django
CVE IDTitleCVSSSeverityPublished
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass — DjangoCWE-770 7.5AIHighAI2026-04-07
CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload — DjangoCWE-407 5.3AIMediumAI2026-04-07
CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable — DjangoCWE-862 9.1AICriticalAI2026-04-07
CVE-2026-4277 Privilege abuse in GenericInlineModelAdmin — DjangoCWE-862 9.8AICriticalAI2026-04-07
CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation — DjangoCWE-290 5.3AIMediumAI2026-04-07
CVE-2026-25674 Potential incorrect permissions on newly created file system objects — DjangoCWE-362 6.5 -2026-03-03
CVE-2026-25673 Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows — DjangoCWE-400 7.5AIHighAI2026-03-03
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI — DjangoCWE-407 7.5 -2026-02-03
CVE-2026-1312 Potential SQL injection via QuerySet.order_by and FilteredRelation — DjangoCWE-89 9.8 -2026-02-03
CVE-2026-1287 Potential SQL injection in column aliases via control characters — DjangoCWE-89 9.8 -2026-02-03
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods — DjangoCWE-407 7.5 -2026-02-03
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS — DjangoCWE-89 9.8 -2026-02-03
CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler — DjangoCWE-208 3.7 -2026-02-03
CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction — DjangoCWE-407 7.5AIHighAI2025-12-02
CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL — DjangoCWE-89 9.8AICriticalAI2025-12-02
CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects — DjangoCWE-89 9.8 -2025-11-05
CVE-2025-64458 Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows — DjangoCWE-407 7.5 -2025-11-05
CVE-2025-59681 Django SQL注入漏洞 — DjangoCWE-89 7.1 High2025-10-01
CVE-2025-59682 Django 安全漏洞 — DjangoCWE-23 3.1 Low2025-10-01
CVE-2025-57833 Django SQL注入漏洞 — DjangoCWE-89 7.1 High2025-09-03
CVE-2025-48432 Django 安全漏洞 — DjangoCWE-117 4.0 Medium2025-06-05
CVE-2025-32873 Django 安全漏洞 — DjangoCWE-770 5.3 Medium2025-05-08
CVE-2025-27556 Django 安全漏洞 — DjangoCWE-770 5.8 Medium2025-04-02
CVE-2025-26699 Django 安全漏洞 — DjangoCWE-770 5.0 Medium2025-03-06
CVE-2024-56374 Django 安全漏洞 — DjangoCWE-770 5.8 Medium2025-01-14

This page lists every published CVE security advisory associated with djangoproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.