| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-45231 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The dja ... |
| CVE-2024-45230 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, ... |
| CVE-2024-42005 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ... |
| CVE-2024-41991 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ... |
| CVE-2024-41990 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ... |
| CVE-2024-41989 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ... |
| CVE-2024-39614 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ... |
| CVE-2024-39330 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ... |
| CVE-2024-39329 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ... |
| CVE-2024-38875 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ... |
| CVE-2024-27351 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, ... |
| CVE-2024-24680 | vulnerable (no DSA, postponed) | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10 ... |
| CVE-2023-43665 | vulnerable (no DSA, postponed) | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ... |
| CVE-2023-41164 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, ... |
| CVE-2023-36053 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | fixed | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ... |
| CVE-2023-31047 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ... |
| CVE-2023-24580 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | An issue was discovered in the Multipart Request Parser in Django 3.2 ... |
| CVE-2021-45452 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ... |
| CVE-2021-45116 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ... |
| Bug | Description |
|---|
| TEMP-0407607-240F77 | python-django flup/FastCGI/debugging issue |
| CVE-2023-46695 | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ... |
| CVE-2023-23969 | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ... |
| CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ... |
| CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 b ... |
| CVE-2022-34265 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ... |
| CVE-2022-28347 | A SQL injection issue was discovered in QuerySet.explain() in Django 2 ... |
| CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ... |
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ... |
| CVE-2022-22818 | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ... |
| CVE-2021-45115 | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ... |
| CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ... |
| CVE-2021-35042 | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ... |
| CVE-2021-33571 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ... |
| CVE-2021-33203 | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ... |
| CVE-2021-31542 | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ... |
| CVE-2021-28658 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ... |
| CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ... |
| CVE-2021-3281 | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ... |
| CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ... |
| CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ... |
| CVE-2020-13596 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ... |
| CVE-2020-13254 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ... |
| CVE-2020-9402 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ... |
| CVE-2020-7471 | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ... |
| CVE-2019-19844 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ... |
| CVE-2019-19118 | Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ... |
| CVE-2019-14235 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... |
| CVE-2019-14234 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... |
| CVE-2019-14233 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... |
| CVE-2019-14232 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ... |
| CVE-2019-12781 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ... |
| CVE-2019-12308 | An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ... |
| CVE-2019-6975 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2. ... |
| CVE-2019-3498 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ... |
| CVE-2018-16984 | An issue was discovered in Django 2.1 before 2.1.2, in which unprivile ... |
| CVE-2018-14574 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11 ... |
| CVE-2018-7537 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ... |
| CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ... |
| CVE-2018-6188 | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0. ... |
| CVE-2017-12794 | In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ... |
| CVE-2017-7234 | A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ... |
| CVE-2017-7233 | Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 re ... |
| CVE-2016-9014 | Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ... |
| CVE-2016-9013 | Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ... |
| CVE-2016-7401 | The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.1 ... |
| CVE-2016-6186 | Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedOb ... |
| CVE-2016-2513 | The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ... |
| CVE-2016-2512 | The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ... |
| CVE-2016-2048 | Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, all ... |
| CVE-2015-8213 | The get_format function in utils/formats.py in Django before 1.7.x bef ... |
| CVE-2015-5964 | The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache ... |
| CVE-2015-5963 | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ... |
| CVE-2015-5145 | validators.URLValidator in Django 1.8.x before 1.8.3 allows remote att ... |
| CVE-2015-5144 | Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8 ... |
| CVE-2015-5143 | The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7 ... |
| CVE-2015-3982 | The session.flush function in the cached_db backend in Django 1.8.x be ... |
| CVE-2015-2317 | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1. ... |
| CVE-2015-2316 | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7. ... |
| CVE-2015-2241 | Cross-site scripting (XSS) vulnerability in the contents function in a ... |
| CVE-2015-0222 | ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x befor ... |
| CVE-2015-0221 | The django.views.static.serve view in Django before 1.4.18, 1.6.x befo ... |
| CVE-2015-0220 | The django.util.http.is_safe_url function in Django before 1.4.18, 1.6 ... |
| CVE-2015-0219 | Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allo ... |
| CVE-2014-3730 | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ... |
| CVE-2014-1418 | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ... |
| CVE-2014-0483 | The administrative interface (contrib.admin) in Django before 1.4.14, ... |
| CVE-2014-0482 | The contrib.auth.middleware.RemoteUserMiddleware middleware in Django ... |
| CVE-2014-0481 | The default configuration for the file upload handling system in Djang ... |
| CVE-2014-0480 | The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ... |
| CVE-2014-0474 | The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFie ... |
| CVE-2014-0473 | The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6 ... |
| CVE-2014-0472 | The django.core.urlresolvers.reverse function in Django before 1.4.11, ... |
| CVE-2013-6044 | The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6 ... |
| CVE-2013-4315 | Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ... |
| CVE-2013-4249 | Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget wi ... |
| CVE-2013-1665 | The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ... |
| CVE-2013-1443 | The authentication framework (django.contrib.auth) in Django 1.4.x bef ... |
| CVE-2013-0306 | The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ... |
| CVE-2013-0305 | The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ... |
| CVE-2012-4520 | The django.http.HttpRequest.get_host function in Django 1.3.x before 1 ... |
| CVE-2012-3444 | The get_image_dimensions function in the image-handling functionality ... |
| CVE-2012-3443 | The django.forms.ImageField class in the form system in Django before ... |
| CVE-2012-3442 | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ... |
| CVE-2011-4140 | The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ... |
| CVE-2011-4139 | Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ... |
| CVE-2011-4138 | The verify_exists functionality in the URLField implementation in Djan ... |
| CVE-2011-4137 | The verify_exists functionality in the URLField implementation in Djan ... |
| CVE-2011-4136 | django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ... |
| CVE-2011-0698 | Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ... |
| CVE-2011-0697 | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ... |
| CVE-2011-0696 | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ... |
| CVE-2010-4535 | The password reset functionality in django.contrib.auth in Django befo ... |
| CVE-2010-4534 | The administrative interface in django.contrib.admin in Django before ... |
| CVE-2010-3082 | Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ... |
| CVE-2009-3695 | Algorithmic complexity vulnerability in the forms library in Django 1. ... |
| CVE-2009-2659 | The Admin media handler in core/servers/basehttp.py in Django 1.0 and ... |
| CVE-2008-3909 | The administration application in Django 0.91, 0.95, and 0.96 stores u ... |
| CVE-2008-2302 | Cross-site scripting (XSS) vulnerability in the login form in the admi ... |
| CVE-2007-5828 | Cross-site request forgery (CSRF) vulnerability in the admin panel in ... |
| CVE-2007-5712 | The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ... |
| CVE-2007-0405 | The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ... |
| CVE-2007-0404 | bin/compile-messages.py in Django 0.95 does not quote argument strings ... |