HIGH 7.5 PyPI
GHSA-cqf7-ff9h-7967 · CVE-2015-5145, PYSEC-2015-21 Django ReDoS in validators.URLValidator
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-crhm-qpjc-cm64 · CVE-2016-7401, PYSEC-2016-3 Django CSRF Protection Bypass
Modified: 11/28/2024
HIGH 7.5 PyPI
GHSA-f6f8-9mx6-9mx2 · BIT-django-2024-39614, CVE-2024-39614 Django vulnerable to Denial of Service
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-f7cm-ccfp-3q4r · CVE-2014-0480, PYSEC-2014-4 Django Incorrectly Validates URLs
Modified: 2/19/2025
LOW 3.1 PyPI
GHSA-fp6p-5xvw-m74f · CVE-2016-2513, PYSEC-2016-16 Django User Enumeration Vulnerability
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-fr28-569j-53c4 · BIT-django-2020-24584, CVE-2020-24584 Django Incorrect Default Permissions
Modified: 11/19/2024
CRITICAL 9.1 PyPI
GHSA-frmv-pr5f-9mcr · BIT-django-2025-64459, CVE-2025-64459 Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
Modified: 6/5/2026
MEDIUM 5.3 PyPI
GHSA-fvgf-6h6h-3322 · BIT-django-2021-3281, CVE-2021-3281 Django Directory Traversal via archive.extract
Modified: 9/20/2024
MEDIUM 6.5 PyPI
GHSA-fwr5-q9rx-294f · CVE-2010-4534, PYSEC-2011-28 Improper query string handling in Django
Modified: 5/19/2026
MEDIUM 6.1 PyPI
GHSA-fxpg-gg9g-76gj · CVE-2010-3082, PYSEC-2010-12 Cross-site scripting in django
Modified: 9/16/2024
MEDIUM 5.3 PyPI
GHSA-g8xg-jgj6-49r3 · CVE-2013-0306, PYSEC-2013-17 Django is vulnerable to Denial of Service attack in formset
Modified: 2/19/2025
MEDIUM 6.1 PyPI
GHSA-gv98-g628-m9x5 · CVE-2015-0220, PYSEC-2015-5 Django Cross-site Scripting Vulnerability
Modified: 2/19/2025
HIGH PyPI
GHSA-gvg8-93h5-g6qq · BIT-django-2026-1287, CVE-2026-1287 Django has an SQL Injection issue
Modified: 6/5/2026
MEDIUM 6.1 PyPI
GHSA-h4hv-m4h4-mhwg · CVE-2017-7234, PYSEC-2017-10 Django open redirect
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-h582-2pch-3xv3 · CVE-2015-5143, PYSEC-2015-20 Django Denial-of-service by filling session store
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-h5jv-4p7w-64jg · CVE-2019-14233, PYSEC-2019-12 Django Denial-of-service in strip_tags()
Modified: 9/20/2024
MEDIUM 5.9 PyPI
GHSA-h8gc-pgj2-vjm3 · BIT-django-2023-43665, CVE-2023-43665 Django Denial-of-service in django.utils.text.Truncator
Modified: 11/4/2025
HIGH 7.5 PyPI
GHSA-h95j-h2rv-qrg4 · CVE-2011-4140, PYSEC-2011-5 Django Cross-Site Request Forgery vulnerability
Modified: 9/16/2024
CRITICAL 9.8 PyPI
GHSA-hmr4-m2h5-33qx · BIT-django-2020-7471, CVE-2020-7471 SQL injection in Django
Modified: 2/21/2025
HIGH 7.1 PyPI
GHSA-hpr9-3m2g-3j9p · BIT-django-2025-59681, CVE-2025-59681 Django vulnerable to SQL injection in column aliases
Modified: 6/5/2026
MEDIUM 6.5 PyPI
GHSA-hvmf-r92r-27hr · CVE-2019-19118, PYSEC-2019-15 Django allows unintended model editing
Modified: 11/19/2024
HIGH 7.5 PyPI
GHSA-j3j3-jrfh-cm2w · CVE-2015-2316, PYSEC-2015-18 Django Denial-of-service possibility with strip_tags
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-jh3w-4vvf-mjgr · BIT-django-2023-36053, CVE-2023-36053 Django has regular expression denial of service vulnerability in EmailValidator/URLValidator
Modified: 11/4/2025
MEDIUM 5.3 PyPI
GHSA-jh75-99hh-qvx9 · BIT-django-2024-41989, CVE-2024-41989 Django memory consumption vulnerability
Modified: 11/4/2025
HIGH 7.5 PyPI
GHSA-jhjg-w2cp-5j44 · CVE-2015-0221, PYSEC-2015-6 Django DoS in django.views.static.serve
Modified: 2/19/2025
MEDIUM 5.3 PyPI
GHSA-jrh2-hc4r-7jwx · BIT-django-2021-45452, CVE-2021-45452 Directory-traversal in Django
Modified: 9/20/2024
HIGH 7.5 PyPI
GHSA-m6gj-h9gm-gw44 · BIT-django-2020-24583, CVE-2020-24583 Django Incorrect Default Permissions
Modified: 9/18/2024
CRITICAL 9.8 PyPI
GHSA-m9g8-fxxm-xg86 · BIT-django-2024-53908, CVE-2024-53908 Django SQL injection in HasKey(lhs, rhs) on Oracle
Modified: 2/4/2026
LOW 3.7 PyPI
GHSA-mjgh-79qc-68w3 · BIT-django-2026-25674, CVE-2026-25674 Django has a Race Condition vulnerability
Modified: 3/6/2026
LOW 2.7 PyPI
GHSA-mmwr-2jhp-mc7j · BIT-django-2026-4292, CVE-2026-4292 Django vulnerable to privilege abuse in ModelAdmin.list_editable
Modified: 6/6/2026
CRITICAL 9.8 PyPI
GHSA-mv8g-fhh6-6267 · CVE-2016-9013, PYSEC-2016-17 Django user with hardcoded password created when running tests on Oracle
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-mvfq-ggxm-9mc5 · BIT-django-2026-3902, CVE-2026-3902 Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
Modified: 6/5/2026
HIGH PyPI
GHSA-mwm9-4648-f68q · BIT-django-2026-1207, CVE-2026-1207 Django has an SQL Injection issue
Modified: 6/5/2026
MEDIUM PyPI
GHSA-mwv2-398h-v489 · CVE-2007-0405 Django Improper Access Control
Modified: 4/9/2025
MEDIUM 5.0 PyPI
GHSA-p3fp-8748-vqfq · BIT-django-2025-26699, CVE-2025-26699 Django vulnerable to Allocation of Resources Without Limits or Throttling
Modified: 2/4/2026
CRITICAL 9.8 PyPI
GHSA-p64x-8rxx-wf6q · BIT-django-2022-34265, CVE-2022-34265 Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Modified: 2/21/2025
HIGH 7.5 PyPI
GHSA-p6m5-h7pp-v2x5 · CVE-2009-3695, PYSEC-2009-4 Django Regex Algorithmic Complexity Causes Denial of Service
Modified: 9/16/2024
HIGH 7.5 PyPI
GHSA-p99v-5w3c-jqq9 · BIT-django-2021-33571, CVE-2021-33571 Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
Modified: 9/20/2024
HIGH 7.5 PyPI
GHSA-pgxh-wfw4-jx2v · CVE-2015-5963, PYSEC-2015-22 Django denial of service via empty session record creation
Modified: 2/18/2025
CRITICAL 9.1 PyPI
GHSA-pv4p-cwwg-4rph · BIT-django-2024-42005, CVE-2024-42005 Django SQL injection vulnerability
Modified: 11/4/2025
HIGH 7.4 PyPI
GHSA-pw27-w7w4-9qc7 · CVE-2016-2512, PYSEC-2016-15 Django XSS Vulnerability
Modified: 9/18/2024
LOW PyPI
GHSA-pwjp-ccjc-ghwg · BIT-django-2026-4277, CVE-2026-4277 Django vulnerable to privilege abuse in GenericInlineModelAdmin
Modified: 6/6/2026
HIGH 7.5 PyPI
GHSA-q2jf-h9jm-m7p4 · BIT-django-2023-23969, CVE-2023-23969 Django contains Uncontrolled Resource Consumption via cached header
Modified: 9/20/2024
HIGH 7.5 PyPI
GHSA-q5qw-4364-5hhm · CVE-2015-5144, PYSEC-2015-10 Django Vulnerable to HTTP Response Splitting Attack
Modified: 2/19/2025
HIGH 7.4 PyPI
GHSA-q7q2-qf2q-rw3w · CVE-2014-1418, PYSEC-2014-19 Django Vulnerable to Cache Poisoning
Modified: 11/28/2024
LOW 3.1 PyPI
GHSA-q95w-c7qg-hrff · BIT-django-2025-59682, CVE-2025-59682 Django vulnerable to partial directory traversal via archives
Modified: 2/4/2026
HIGH PyPI
GHSA-qc99-g3wm-hgxr · CVE-2007-0404 Django Arbitrary Code Execution
Modified: 4/9/2025
MEDIUM 5.8 PyPI
GHSA-qcgg-j2x8-h9g8 · BIT-django-2024-56374, CVE-2024-56374 Django has a potential denial-of-service vulnerability in IPv6 validation
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-qg2p-9jwr-mmqf · BIT-django-2024-38875, CVE-2024-38875 Django vulnerable to Denial of Service
Modified: 2/4/2026
MEDIUM 6.1 PyPI
GHSA-qm57-vhq3-3fwf · BIT-django-2021-32052, CVE-2021-32052 Header injection possible in Django
Modified: 9/20/2024
HIGH 7.5 PyPI
GHSA-qmf9-6jqf-j8fq · BIT-django-2023-46695, CVE-2023-46695 Django potential denial of service vulnerability in UsernameField on Windows
Modified: 9/20/2024
HIGH 7.5 PyPI
GHSA-qrw5-5h28-6cmg · BIT-django-2022-41323, CVE-2022-41323 Django denial-of-service vulnerability in internationalized URLs
Modified: 9/20/2024
MEDIUM PyPI
GHSA-qrh7-x6fp-c2mp · CVE-2013-1664 XML Entity Expansion (XEE) in Django
Modified: 12/6/2024
HIGH 7.5 PyPI
GHSA-qw25-v68c-qjf3 · BIT-django-2025-64458, CVE-2025-64458 Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
Modified: 6/5/2026
MEDIUM 5.3 PyPI
GHSA-r28v-mw67-m5p9 · CVE-2018-7536, PYSEC-2018-5 Django denial-of-service possibility in urlize and urlizetrunc template filters
Modified: 9/18/2024
CRITICAL 9.8 PyPI
GHSA-r3xc-prgr-mg9p · BIT-django-2023-31047, CVE-2023-31047 Django bypasses validation when using one form field to upload multiple files
Modified: 2/21/2025
HIGH 7.5 PyPI
GHSA-r5cj-wv24-92p5 · CVE-2008-3909, PYSEC-2008-2 Django cross-site request forgery (CSRF) vulnerability
Modified: 9/16/2024
MEDIUM 4.3 PyPI
GHSA-r7w6-p47g-vj53 · CVE-2013-0305, PYSEC-2013-16 Django Data leakage via admin history log
Modified: 2/19/2025
MEDIUM 5.3 PyPI
GHSA-r836-hh6v-rg5g · BIT-django-2024-41991, CVE-2024-41991 Django vulnerable to denial-of-service attack
Modified: 11/4/2025
HIGH 7.5 PyPI
GHSA-rf4j-j272-fj86 · CVE-2018-6188, PYSEC-2018-4 Django vulnerable to information leakage in AuthenticationForm
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-rm2j-x595-q9cj · CVE-2011-4139, PYSEC-2011-4 Django Vulnerable to Cache Poisoning
Modified: 9/16/2024
MEDIUM 4.3 PyPI
GHSA-rqw2-ghq9-44m7 · BIT-django-2025-13372, CVE-2025-13372 Django is vulnerable to SQL injection in column aliases
Modified: 6/5/2026
LOW 3.7 PyPI
GHSA-rrqc-c2jx-6jgv · BIT-django-2024-45231, CVE-2024-45231 Django allows enumeration of user e-mail addresses
Modified: 10/30/2024
CRITICAL 9.8 PyPI
GHSA-rvq6-mrpv-m6rm · CVE-2014-0472, PYSEC-2014-1 Code Injection in Django
Modified: 4/13/2025
MEDIUM 5.3 PyPI
GHSA-rw75-m7gp-92m3 · CVE-2014-0483, PYSEC-2014-7 Django data leakage via querystring manipulation in admin
Modified: 9/18/2024
HIGH 7.5 PyPI
GHSA-rxjp-mfm9-w4wr · BIT-django-2021-31542, CVE-2021-31542 Path Traversal in Django
Modified: 9/20/2024
HIGH 7.3 PyPI
GHSA-v6rh-hp5x-86rv · BIT-django-2021-44420, CVE-2021-44420 Potential bypass of an upstream access control based on URL paths in Django
Modified: 11/19/2024
HIGH 7.5 PyPI
GHSA-v9qg-3j8p-r63v · CVE-2019-14235, PYSEC-2019-14 Uncontrolled Recursion in Django
Modified: 9/20/2024
CRITICAL 9.8 PyPI
GHSA-vfq6-hq5r-27r6 · CVE-2019-19844, PYSEC-2019-16 Django Potential account hijack via password reset form
Modified: 9/20/2024
HIGH 8.6 PyPI
GHSA-vjjp-9r83-22rc · CVE-2013-4315, PYSEC-2013-20 Django Directory Traversal via ssi template tag
Modified: 9/18/2024
MEDIUM 5.3 PyPI
GHSA-vm8q-m57g-pff3 · BIT-django-2024-27351, CVE-2024-27351 Regular expression denial-of-service in Django
Modified: 2/4/2026
HIGH 7.5 PyPI
GHSA-vq3h-3q7v-9prw · CVE-2014-3730, PYSEC-2014-20 Django Allows Open Redirects
Modified: 2/19/2025
MEDIUM PyPI
GHSA-vrcr-9hj9-jcg6 · BIT-django-2025-64460, CVE-2025-64460 Django is vulnerable to DoS via XML serializer text extraction
Modified: 6/5/2026
CRITICAL 9.8 PyPI
GHSA-w24h-v9qh-8gxj · BIT-django-2022-28347, CVE-2022-28347 SQL Injection in Django
Modified: 2/21/2025
MEDIUM 5.3 PyPI
GHSA-w26r-rmm8-9c29 · BIT-django-2026-5766, CVE-2026-5766 Django has an Improper Handling of Length Parameter Inconsistency
Modified: 6/6/2026
HIGH 7.5 PyPI
GHSA-wh4h-v3f2-r2pp · CVE-2019-6975, PYSEC-2019-18 Uncontrolled Memory Consumption in Django
Modified: 2/21/2025
MEDIUM 5.9 PyPI
GHSA-wpjr-j57x-wxfw · BIT-django-2020-13254, CVE-2020-13254 Data leakage via cache key collision in Django
Modified: 11/19/2024
MEDIUM 5.8 PyPI
GHSA-wqfg-m96j-85vm · BIT-django-2025-27556, CVE-2025-27556 Django Potential Denial of Service (DoS) on Windows
Modified: 9/25/2025
CRITICAL 9.8 PyPI
GHSA-wqjj-hx84-v449 · CVE-2014-0474, PYSEC-2014-3 Django Vulnerable to MySQL Injection
Modified: 4/13/2025
HIGH 7.5 PyPI
GHSA-wxg3-mfph-qg9w · CVE-2011-4138, PYSEC-2011-3 Django Might Allow CSRF Requests via URL Verification
Modified: 9/16/2024
HIGH 7.5 PyPI
GHSA-x38m-486c-2wr9 · CVE-2015-5964, PYSEC-2015-23 Denial-of-service possibility in logout() view by filling session store
Modified: 11/28/2024
MEDIUM PyPI
GHSA-x64m-686f-fmm3 · CVE-2013-1665 XML External Entity (XXE) in Django
Modified: 12/6/2024
MEDIUM 5.3 PyPI
GHSA-x7q2-wr7g-xqmf · BIT-django-2024-39329, CVE-2024-39329 Django vulnerable to user enumeration attack
Modified: 2/4/2026
MEDIUM 4.0 PyPI
GHSA-x88j-93vc-wpmp · CVE-2011-4136, PYSEC-2011-1 Session manipulation in Django
Modified: 9/16/2024
MEDIUM 5.3 PyPI
GHSA-xgxc-v2qg-chmh · BIT-django-2021-28658, CVE-2021-28658 Directory Traversal in Django
Modified: 9/20/2024
CRITICAL 9.8 PyPI
GHSA-xpfp-f569-q3p2 · BIT-django-2021-35042, CVE-2021-35042 SQL Injection in Django
Modified: 2/21/2025
MEDIUM 5.9 PyPI
GHSA-xxj9-f6rv-m3x4 · BIT-django-2024-24680, CVE-2024-24680 Django denial-of-service attack in the intcomma template filter
Modified: 2/4/2026
— PyPI
PYSEC-2007-1 · CVE-2007-5712, GHSA-9v8h-57gv-qch6
Modified: 4/29/2024
— PyPI
PYSEC-2008-1 · CVE-2008-2302, GHSA-54qj-48vx-cr9f
Modified: 11/8/2023
— PyPI
PYSEC-2008-2 · CVE-2008-3909, GHSA-r5cj-wv24-92p5
Modified: 11/8/2023
— PyPI
PYSEC-2009-3 · CVE-2009-2659, GHSA-9xg7-gg9m-rmq9
Modified: 2/8/2024
— PyPI
PYSEC-2009-4 · CVE-2009-3695, GHSA-p6m5-h7pp-v2x5
Modified: 2/8/2024
— PyPI
PYSEC-2010-12 · CVE-2010-3082, GHSA-fxpg-gg9g-76gj
Modified: 11/8/2023
— PyPI
PYSEC-2011-1 · CVE-2011-4136, GHSA-x88j-93vc-wpmp
Modified: 11/8/2023
— PyPI
PYSEC-2011-10 · CVE-2011-0696, GHSA-5j2h-h5hg-3wf8
Modified: 5/19/2026
— PyPI
PYSEC-2011-11 · CVE-2011-0697, GHSA-8m3r-rv5g-fcpq
Modified: 5/19/2026
— PyPI
PYSEC-2011-12 · CVE-2011-0698, GHSA-7g9h-c88w-r7h2
Modified: 11/8/2023
— PyPI
PYSEC-2011-2 · CVE-2011-4137, GHSA-3jqw-crqj-w8qw
Modified: 11/8/2023
— PyPI
PYSEC-2011-28 · CVE-2010-4534, GHSA-fwr5-q9rx-294f
Modified: 5/19/2026
— PyPI
PYSEC-2011-29 · CVE-2010-4535, GHSA-7wph-fc4w-wqp2
Modified: 5/19/2026