
oss-sec: Django CVE-2026-5766, CVE-2026-35192, and CVE-2026-6907

Django Django: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST

Risk 39, Severity 2.3
First published (updated )

djangoproject Django: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

Risk 20, Severity 2.3, EPSS 0.03%
First published (updated )

djangoproject Django: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

Risk 30, Severity 6.3
First published (updated )

oss-sec: Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034

First published (updated )

pip/slippers: Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag

Risk 38, Severity 6.1
First published (updated )

oss-sec: Django CVE-2026-25673 and CVE-2026-25674

Django Django: An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookup…

Risk 33, Severity 7
First published (updated )

Django Django: SQL Injection

Risk 33, Severity 7
First published (updated )

Django Django: An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils…

Risk 19, Severity 4
First published (updated )

Django Django: An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest`…

Risk 19, Severity 4
First published (updated )

oss-sec: Django CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, and CVE-2026-1312

pip/Django: Potential denial-of-service vulnerability via repeated headers when using ASGI

Risk 46, Severity 7.5
First published (updated )

pip/Django: Username enumeration through timing difference in mod_wsgi authentication handler

Risk 34, Severity 5.3
First published (updated )

Django CVE-2025-13372 and CVE-2025-64460


pip/Django: Potential denial-of-service vulnerability in XML serializer text extraction

Risk 46, Severity 7.5
First published (updated )

pip/Django: Potential SQL injection in FilteredRelation column aliases on PostgreSQL

Risk 23, Severity 4.3
First published (updated )

Django Django: SQL Injection

Risk 33, Severity 7
First published (updated )

Django CVE-2025-64458 and CVE-2025-64459

Django Django: Potential SQL injection via _connector keyword argument in QuerySet and Q objects

Risk 76, Severity 9.1
First published (updated )

pip/django: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

Risk 46, Severity 7.5
First published (updated )

Django CVE-2025-59681 and CVE-2025-59682

First published (updated )

Django Django: Django CVE-2025-59681 and CVE-2025-59682

Risk 41, Severity 6.5
First published (updated )

Django Django: The django.utils.archive.extract() function, used by startapp --template and startproject --template…

Risk 33, Severity 7
First published (updated )

Django Django: Django CVE-2025-59681 and CVE-2025-59682

Risk 92, Severity 9.8
First published (updated )

CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases

Django Django: An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Intern…

Risk 19, Severity 4
First published (updated )

Django Django: Django: Potential log injection via unescaped request path

Risk 20, Severity 5.3, EPSS 0.05%
First published (updated )

CVE-2025-48432: Django: Potential log injection via unescaped request path

pip/Django: Django: Denial-of-service possibility in strip_tags()

Risk 37, Severity 7.5
First published (updated )

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203