SecAlerts
CVE ListPricingSign Up
djangoproject logo

djangoproject

Security Risk Profile

39
/100
low

Security Risk Score

Comprehensive risk assessment based on 148 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from September 3, 2008 to present

148
Total CVEs
93
Critical+High
1
Exploited
0
Unpatched

Threat Assessment

Avg CVSS
7.1
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
39/100
low
⚠️ 1 Active Exploits📈 3 in Last 30 Days

Severity Distribution

Critical
19
High
74
Medium
50
Low
5

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
7

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
20
2
SQL Injection
17
3
XSS
16
4
Path Traversal
8
5
Infoleak
7

Most Affected Products

1. djangoproject Django1427
2. pip/Django281
3. Canonical Ubuntu Linux119
4. pip/django95
5. redhat/python-django72

Recent Vulnerabilities

See more →
CVE-2026-35192
CVSS 2.3low

Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST

5/5/2026🔧 No Patch
CVE-2026-6907
CVSS 2.3EPSS 0%low

Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

5/5/2026🔧 No Patch
CVE-2026-5766
CVSS 6.3medium

Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

5/5/2026🔧 No Patch
CVE-2026-33034
CVSS 7.5high

Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

4/7/2026
CVE-2026-33033
CVSS 6.5medium

Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

4/7/2026
CVE-2026-4292
CVSS 2.7EPSS 0%low

Privilege abuse in ModelAdmin.list_editable

4/7/2026
CVE-2026-4277
CVSS 9.8EPSS 0%critical

Privilege abuse in GenericInlineModelAdmin

4/7/2026
CVE-2026-3902
CVSS 7.5high

ASGI header spoofing via underscore/hyphen conflation

4/7/2026
CVE-2026-25674
CVSS 3.7low

Potential incorrect permissions on newly created file system objects

3/3/2026
CVE-2026-25673
CVSS 7.5high

Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows

3/3/2026

Monitor djangoproject in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.