Django Django
Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST

Risk 39 | Severity 2.3
First published (updated )

djangoproject Django
Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

Risk 20 | Severity 2.3 | EPSS 0.03%
First published (updated )

djangoproject Django
Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

Risk 30 | Severity 6.3
First published (updated )

pip/Django
Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

Risk 46 | Severity 7.5
First published (updated )

pip/Django
Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

Risk 40 | Severity 6.5
First published (updated )

pip/Django
Privilege abuse in ModelAdmin.list_editable

Risk 12 | Severity 2.7 | EPSS 0.01%
First published (updated )

pip/Django
Privilege abuse in GenericInlineModelAdmin

Risk 63 | Severity 9.8 | EPSS 0.01%
First published (updated )

pip/Django
ASGI header spoofing via underscore/hyphen conflation

Risk 46 | Severity 7.5
First published (updated )

pypi/django
Potential incorrect permissions on newly created file system objects

Risk 21 | Severity 3.7
First published (updated )

pypi/django
Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows

Risk 46 | Severity 7.5
First published (updated )

pip/Django
Potential denial-of-service vulnerability via repeated headers when using ASGI

Risk 46 | Severity 7.5
First published (updated )

pip/Django
Potential SQL injection via QuerySet.order_by and FilteredRelation

Risk 37 | Severity 5.4
First published (updated )

pip/Django
Potential SQL injection in column aliases via control characters

Risk 37 | Severity 5.4
First published (updated )

pip/Django
Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods

Risk 46 | Severity 7.5
First published (updated )

pypi/django
Potential SQL injection via raster lookups on PostGIS

Risk 37 | Severity 5.4
First published (updated )

pip/Django
Username enumeration through timing difference in mod_wsgi authentication handler

Risk 34 | Severity 5.3
First published (updated )

pip/Django
Potential denial-of-service vulnerability in XML serializer text extraction

Risk 46 | Severity 7.5
First published (updated )

pip/Django
Potential SQL injection in FilteredRelation column aliases on PostgreSQL

Risk 23 | Severity 4.3
First published (updated )

Django Django
Potential SQL injection via _connector keyword argument in QuerySet and Q objects

Risk 76 | Severity 9.1
First published (updated )

pip/django
Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

Risk 46 | Severity 7.5
First published (updated )

Django Django
Django CVE-2025-59681 and CVE-2025-59682

Risk 41 | Severity 6.5
First published (updated )

Django Django
Django CVE-2025-59681 and CVE-2025-59682

Risk 92 | Severity 9.8
First published (updated )

pip/Django
Django: Potential SQL injection in FilteredRelation column aliases

Risk 80 | Severity 8.1
First published (updated )

Django Django
Django: Potential log injection via unescaped request path

Risk 20 | Severity 5.3 | EPSS 0.05%
First published (updated )

pip/Django
Django: Denial-of-service possibility in strip_tags()

Risk 37 | Severity 7.5
First published (updated )

Django Django
Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows

Risk 46 | Severity 7.5
First published (updated )

Django Django
Django: Potential denial-of-service in django.utils.text.wrap()

Risk 32 | Severity 7.5 | EPSS 0.06%
First published (updated )

pip/Django
Django: Potential denial-of-service vulnerability in IPv6 validation

Risk 46 | Severity 7.5
First published (updated )

pip/django
Django CVE-2024-53907 and CVE-2024-53908

Risk 46 | Severity 7.5
First published (updated )

pip/django
Django CVE-2024-53907 and CVE-2024-53908

Risk 92 | Severity 9.8
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203