python-django vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the python-django package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2025-64459	<3:4.2.26-1
C SQL Injection	<3:4.2.25-1
M Directory Traversal	<3:4.2.25-1
H SQL Injection	<3:4.2.24-1
L CVE-2024-39329	<3:4.2.14-1
H CVE-2024-41990	<3:4.2.15-1
H Improper Validation of Specified Quantity in Input	<3:3.2.21-1
L CVE-2024-39330	<3:4.2.14-1
H Improper Validation of Specified Quantity in Input	<3:4.2.6-1
H CVE-2024-56374	<3:4.2.18-1
H CVE-2022-41323	<3:3.2.16-1
H CVE-2021-45115	<2:3.2.11-1
L Cross-site Scripting (XSS)	<2:2.2.22-1
L Allocation of Resources Without Limits or Throttling	<1:1.11.20-1
M Directory Traversal	<2:2.2.18-1
H Uncontrolled Recursion	<2:2.2.4-1
L SQL Injection	<2:2.2.11-1
H Resource Exhaustion	<2:2.2.4-1
M Incorrect Regular Expression	<1:1.11.11-1
H Unrestricted Upload of File with Dangerous Type	<2:2.2.21-1
H Incorrect Default Permissions	<2:2.2.16-1
H Allocation of Resources Without Limits or Throttling	<3:3.2.17-1
C Weak Password Recovery Mechanism for Forgotten Password	<2:2.2.9-1
M Open Redirect	<1:1.10.7-1
M Cross-site Scripting (XSS)	<1:1.9.8-1
M HTTP Request Smuggling	<2:2.2.19-1
M CVE-2025-32873	<3:4.2.21-1
C Use of Hard-coded Credentials	<1:1.10.3-1
M Information Exposure	<1.8.7-1
M Improper Input Validation	<1.7.9-1
M Cross-site Scripting (XSS)	<1.7.7-1
H Improper Validation of Specified Quantity in Input	<3:4.2.15-1
H CVE-2024-24680	<3:4.2.10-1
M Code	<1.7.1-1.1
C SQL Injection	<2:3.2.13-1
H Cross-site Scripting (XSS)	<1.9.4-1
M Improper Access Control	<1.9.2-1
M Resource Management Errors	<1.7.10-1
M Cross-site Scripting (XSS)	<2:2.2.13-1
M Cross-site Scripting (XSS)	<1.4.1-1
H Resource Exhaustion	<2:2.2.4-1
C SQL Injection	<2:2.2.10-1
M Cross-site Scripting (XSS)	<1.5.2-1
M Cross-site Scripting (XSS)	<1.2.5-1
M Improper Authentication	<1.5.4-1
M Arbitrary Code Injection	<1.6.3-1
M Open Redirect	<1:1.10.7-1
M Incorrect Regular Expression	<1:1.11.11-1
M Improper Input Validation	<1.4.1-1
M Cross-site Request Forgery (CSRF)	<1.2.5-1
M Access Restriction Bypass	<1.2.4-1
L CVE-2024-53907	<3:4.2.17-1
M CVE-2009-3695	<1.1.1-1
H CVE-2025-26699	<3:4.2.20-1
L CVE-2024-38875	<3:4.2.14-1
H Access Restriction Bypass	<1:1.10.3-1
C Improper Input Validation	<3:3.2.19-1
M Improper Input Validation	<1.6.6-1
M Code	<1.7.1-1.1
C SQL Injection	<2:4.0.6-1
H Improper Input Validation	<2:3.2.11-1
C SQL Injection	<2:3.2.13-1
M Cross-site Scripting (XSS)	<1.5.2-1
H Incorrect Default Permissions	<2:2.2.16-1
L Access Restriction Bypass	<1.6.6-1
M Improper Input Validation	<1:1.11.18-1
M Improper Input Validation	<1.3.1-1
H CVE-2024-41989	<3:4.2.15-1
M Out-of-Bounds	<1.4.1-1
L Security Features	<1:1.10-1
M Improper Input Validation	<1.3.1-1
H Resource Management Errors	<1.7.9-1
L Resource Management Errors	<0.96-1.1
M Cross-site Scripting (XSS)	<1.7.6-1
M CVE-2014-1418	<1.6.5-1
M Cross-site Scripting (XSS)	<1.7.1-1.1
M Resource Management Errors	<1.6.6-1
M Access Restriction Bypass	<1.6.3-1
C Resource Management Errors	<1.6.3-1
M Cross-site Request Forgery (CSRF)	<1.3.1-1
L Cross-site Scripting (XSS)	<1.2.3-1
M Cross-site Scripting (XSS)	<1:1.11.21-1
M Improper Input Validation	<1.2.4-1
M CVE-2007-0405	<0.95.1-1
M Improper Output Neutralization for Logs	<3:4.2.23-1
H CVE-2024-45230	<3:4.2.16-1
L CVE-2024-27351	<3:4.2.11-1
H Inefficient Regular Expression Complexity	<3:3.2.20-1
M Directory Traversal	<2:2.2.20-1
H Server-Side Request Forgery (SSRF)	<2:2.2.24-1
M Cross-site Scripting (XSS)	<2:3.2.12-1
L CVE-2024-53908	<3:4.2.17-1
M Directory Traversal	<2:2.2.24-1
H Download of Code Without Integrity Check	<3:3.2.15-1
M Improper Certificate Validation	<2:2.2.13-1
M CVE-2024-45231	<3:4.2.16-1
H SQL Injection	<3:4.2.15-1
H Resource Exhaustion	<3:3.2.18-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2:3.2.12-1
M Directory Traversal	<2:3.2.11-1
M Resource Management Errors	<1.7.10-1
H CVE-2021-44420	<2:3.2.10-1
H Information Exposure	<1:1.11.10-1
L CVE-2024-39614	<3:4.2.14-1
M Resource Management Errors	<1.7.7-1
M Cleartext Transmission of Sensitive Information	<1:1.11.22-1
C SQL Injection	<2:2.2.4-1
M Improper Input Validation	<1.4.2-1
M Open Redirect	<1:1.11.15-1
M Resource Management Errors	<1.3.1-1
L Information Exposure	<1.9.4-1
L Cross-site Request Forgery (CSRF)	<1.2.1
M Incorrect Default Permissions	<2:2.2.8-1
M Improper Authentication	<1.6.6-1
L Cross-site Scripting (XSS)	<1:1.11.5-1
M Improper Input Validation	<1.6.5-1
M Resource Management Errors	<1.7.1-1.1
M Information Exposure	<1.4.4-1
M Information Exposure	<1.4.4-1
M Cross-site Request Forgery (CSRF)	<1.0-1
M Improper Input Validation	<1.3.1-1
M Directory Traversal	<1.5.3-1
M Numeric Errors	<1.4.4-1
L Cross-site Scripting (XSS)	<0.96.2-1
H CVE-2007-0404	<0.95.1-1
L Directory Traversal	<1.1-1

Vulnerability

Vulnerable Version

CVE-2025-64459

<3:4.2.26-1