Django vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

5.1.3
latest non vulnerable version

5.1.3
first published

15 years ago
latest version published

13 days ago
licenses detected
- BSD-2-Clause
  [1.0.1,3.1a1)
- BSD-3-Clause
  [3.1a1,)
View Django package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS)	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
M Improper Check for Unusual or Exceptional Conditions	[,4.2.16) [5.0a1,5.0.9) [5.1a1,5.1.1)
C SQL Injection	[,4.2.15) [5.0,5.0.8)
M Uncontrolled Resource Consumption	[,4.2.15) [5.0,5.0.8)
M Denial of Service (DoS)	[,4.2.15) [5.0,5.0.8)
M Denial of Service (DoS)	[,4.2.15) [5.0,5.0.8)
M Timing Attack	[,4.2.14) [5.0a1,5.0.7)
M Directory Traversal	[,4.2.14) [5.0a1,5.0.7)
M Denial of Service (DoS)	[,4.2.14) [5.0a1,5.0.7)
M Denial of Service (DoS)	[,4.2.14) [5.0a1,5.0.7)
H Denial of Service (DoS)	[1.3.6,1.4.4)
H Denial of Service (DoS)	[1.3.6,1.4.4)
M Regular Expression Denial of Service (ReDoS)	[,3.2.25) [4.0a1,4.2.11) [5.0a1,5.0.3)
H Denial of Service (DoS)	[3.2,3.2.24) [4.2,4.2.10) [5.0,5.0.2)
M Cross-site Scripting (XSS)	[1.5,1.5.2)
M Denial of Service (DoS)	[,3.2.23) [4.0a1,4.1.13) [4.2a1,4.2.7)
M Regular Expression Denial of Service (ReDoS)	[,3.2.22) [4.0,4.1.12) [4.2,4.2.6)
H Denial of Service (DoS)	[,3.2.21) [4.0a1,4.1.11) [4.2a1,4.2.5)
H Regular Expression Denial of Service (ReDoS)	[,3.2.20) [4.0a1,4.1.10) [4.2a1,4.2.3)
M Arbitrary File Upload	[,3.2.19) [4.1a1,4.1.9) [4.2a1,4.2.1)
M Cross-site Scripting (XSS)	[,1.1.3)
H Denial of Service (DoS)	[,3.2.18) [4.0a1,4.0.10) [4.1a1,4.1.7)
H Denial of Service (DoS)	[3.2,3.2.17) [4.0,4.0.9) [4.1,4.1.6)
M Denial of Service (DoS)	[4.1a1,4.1.2) [4.0a1,4.0.8) [3.2a1,3.2.16)
H Reflected File Download (RFD)	[,3.2.15) [4.0a1,4.0.7) [4.1rc1,4.1)
C SQL Injection	[,3.2.14) [4.0a1,4.0.6)
C SQL Injection	[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
C SQL Injection	[,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
M Cross-site Scripting (XSS)	[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
H Denial of Service (DoS)	[,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
L Directory Traversal	[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
L Information Exposure	[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
M Denial of Service (DoS)	[,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
M Access Restriction Bypass	[,2.2.25) [3.0,3.1.14) [3.2,3.2.10)
H SQL Injection	[3.2a1,3.2.5) [3.1a1,3.1.13)
H Directory Traversal	[3.2,3.2.4) [3.1,3.1.12) [,2.2.24)
M Improper Input Validation	[2.2,2.2.24) [3.1,3.1.12) [3.2,3.2.4)
H HTTP Header Injection	[3.2,3.2.2) [3.0,3.1.10) [,2.2.22)
L Directory Traversal	[,2.2.21) [3.0,3.1.9) [3.2,3.2.1)
L Directory Traversal	[2.2,2.2.20) [3.0,3.0.14) [3.1,3.1.8)
M Web Cache Poisoning	[2.2,2.2.19) [3.0,3.0.13) [3.1,3.1.7)
L Directory Traversal	[1.4,2.2.18) [3.0a1,3.0.12) [3.1a1,3.1.6)
H Insecure Permissions	[2.2,2.2.16) [3.0,3.0.10) [3.1,3.1.1)
H Insecure Permissions	[2.2,2.2.16) [3.0,3.0.10) [3.1,3.1.1)
M Cross-site Scripting (XSS)	[3.0.0,3.0.7) [2.2.0,2.2.13)
M Information Exposure	[3.0,3.0.7) [2.2,2.2.13)
H SQL Injection	[3.0,3.0.4) [2.2,2.2.11) [,1.11.29)
H SQL Injection	[3.0,3.0.3) [2.2,2.2.10) [1.11,1.11.28)
M Account Hijacking	[3.0.0,3.0.1) [2.2.0,2.2.9) [1.11.0,1.11.27)
M Privilege Escalation	[2.1,2.1.15) [2.2,2.2.8)
M SQL Injection	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
H Man-in-the-Middle (MitM)	[1.11.0,1.11.22) [2.1.0,2.1.10) [2.2.0,2.2.3)
L Cross-site Scripting (XSS)	[1.11.0,1.11.21) [2.1.0,2.1.9) [2.2.0,2.2.2)
M Uncontrolled Memory Consumption	[1.11.0,1.11.19) [2.0.0,2.0.11) [2.1.0,2.1.6)
M Content Spoofing	[,1.11.18) [2.0.0,2.0.10) [2.1.0,2.1.5)
M Information Exposure	[2.1.0,2.1.2)
M Open Redirect	[,1.11.15) [2.0.0,2.0.8)
M Regular Expression Denial of Service (ReDoS)	[,1.0.4) [1.1,1.1.1)
L Denial of Service (DoS)	[,0.91.1) [0.95,0.95.1) [0.96,0.96.1)
M Regular Expression Denial of Service (ReDoS)	[1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)
M Information Exposure	[1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)
H Information Exposure	[2,2.0.2) [1.11.8,1.11.10)
M Cross-site Scripting (XSS)	[1.9,1.10.8) [1.11a1,1.11.5)
M Open Redirect	[,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
M Open Redirect	[,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
H DNS Rebinding	[,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
C Use of hardcoded DB password	[,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
M Denial of Service (DoS)	[,1.3.6) [1.4,1.4.4)
H Cross-site Request Forgery (CSRF)	[,1.8.15) [1.9,1.9.10)
M Cross-site Scripting (XSS)	[,1.8.14) [1.9.0,1.9.8)
L Timing Attack	[,1.8.10) [1.9,1.9.3)
H Cross-site Scripting (XSS)	[,1.8.10) [1.9,1.9.3)
M Access Restriction Bypass	[1.9,1.9.2)
M Information Exposure	[,1.7.11) [1.8,1.8.7)
M Denial of Service (DoS)	[,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
M Denial of Service (DoS)	[,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
H Denial of Service (DoS)	[,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
M HTTP Response Splitting	[,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
H Denial of Service (DoS)	[1.8,1.8.3)
M Session Hijacking	[1.8,1.8.2)
M Denial of Service (DoS)	[,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
M Cross-site Scripting (XSS)	[,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
M Cross-site Scripting (XSS)	[1.7,1.7.6)
M WSGI Header Spoofing	[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Cross-site Scripting (XSS)	[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Denial of Service (DoS)	[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Denial of Service (DoS)	[,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Denial of Service (DoS)	[,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
L Information Exposure	[,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Malicious Link Generation	[,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Session Hijacking	[,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Web Cache Poisoning	[,1.4.13) [1.5,1.5.8) [1.6,1.6.5)
M Open Redirect	[,1.4.13) [1.5,1.5.8) [1.6,1.6.5)
M Cross-site Request Forgery (CSRF)	[,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
C SQL Injection	[,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
M Arbitrary Code Execution	[,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
M Directory Traversal	[,1.4.7) [1.5,1.5.3)
M Denial of Service (DoS)	[,1.4.8) [1.5,1.5.4)
M Cross-site Scripting (XSS)	[,1.4.6) [1.5,1.5.2)
M Cross-site Scripting (XSS)	[,1.4.6) [1.5,1.5.2)
M XML External Entity (XXE) Injection	[,1.3.6) [1.4,1.4.4)
M Information Exposure	[,1.3.6) [1.4,1.4.4)
M Denial of Service (DoS)	[,1.3.6) [1.4,1.4.4)
M Host Header Poisoning	[,1.3.4) [1.4,1.4.2)
M Cross-site Scripting (XSS)	[,1.3.2) [1.4,1.4.1)
M Denial of Service (DoS)	[,1.3.2) [1.4,1.4.1)
M Denial of Service (DoS)	[,1.3.2) [1.4,1.4.1)
M Session Manipulation	[,1.2.7) [1.3,1.3.1)
M Denial of Service (DoS)	[,1.2.7) [1.3,1.3.1)
M Arbitrary Request Generation	[,1.2.7) [1.3,1.3.1)
M Web Cache Poisoning	[,1.2.7) [1.3,1.3.1)
L Information Exposure	[,1.2.7) [1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	[,1.2.7) [1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	[,1.1.4) [1.2,1.2.5)
M Cross-site Scripting (XSS)	[,1.1.4) [1.2,1.2.5)
H Directory Traversal	[,1.1.4) [1.2,1.2.5)
M Information Exposure	[,1.1.3) [1.2,1.2.4)
M Denial of Service (DoS)	[,1.1.3) [1.2,1.2.4)
M Cross-site Scripting (XSS)	[1.2,1.2.2)

Package versions

1 - 100 of 366 Results

version	published	direct vulnerabilities
5.1.3	5 Nov, 2024	0 C 0 H 0 M 0 L
5.1.2	8 Oct, 2024	0 C 0 H 0 M 0 L
5.1.1	3 Sep, 2024	0 C 0 H 0 M 0 L
5.1	7 Aug, 2024	0 C 0 H 2 M 0 L
5.1rc1	24 Jul, 2024	0 C 0 H 2 M 0 L
5.1b1	26 Jun, 2024	0 C 0 H 2 M 0 L
5.1a1	22 May, 2024	0 C 0 H 2 M 0 L
5.0.9	3 Sep, 2024	0 C 0 H 0 M 0 L
5.0.8	6 Aug, 2024	0 C 0 H 2 M 0 L
5.0.7	9 Jul, 2024	1 C 0 H 5 M 0 L
5.0.6	7 May, 2024	1 C 0 H 9 M 0 L
5.0.5	6 May, 2024	1 C 0 H 9 M 0 L
5.0.4	3 Apr, 2024	1 C 0 H 9 M 0 L
5.0.3	4 Mar, 2024	1 C 0 H 9 M 0 L
5.0.2	6 Feb, 2024	1 C 0 H 10 M 0 L
5.0.1	2 Jan, 2024	1 C 1 H 10 M 0 L
5.0	4 Dec, 2023	1 C 1 H 10 M 0 L
5.0rc1	20 Nov, 2023	0 C 0 H 7 M 0 L
5.0b1	23 Oct, 2023	0 C 0 H 7 M 0 L
5.0a1	18 Sep, 2023	0 C 0 H 7 M 0 L
4.2.16	3 Sep, 2024	0 C 0 H 0 M 0 L
4.2.15	6 Aug, 2024	0 C 0 H 2 M 0 L
4.2.14	9 Jul, 2024	1 C 0 H 5 M 0 L
4.2.13	7 May, 2024	1 C 0 H 9 M 0 L
4.2.12	6 May, 2024	1 C 0 H 9 M 0 L
4.2.11	4 Mar, 2024	1 C 0 H 9 M 0 L
4.2.10	6 Feb, 2024	1 C 0 H 10 M 0 L
4.2.9	2 Jan, 2024	1 C 1 H 10 M 0 L
4.2.8	4 Dec, 2023	1 C 1 H 10 M 0 L
4.2.7	1 Nov, 2023	1 C 1 H 10 M 0 L
4.2.6	4 Oct, 2023	1 C 1 H 11 M 0 L
4.2.5	4 Sep, 2023	1 C 1 H 12 M 0 L
4.2.4	1 Aug, 2023	1 C 2 H 12 M 0 L
4.2.3	3 Jul, 2023	1 C 2 H 12 M 0 L
4.2.2	5 Jun, 2023	1 C 3 H 12 M 0 L
4.2.1	3 May, 2023	1 C 3 H 12 M 0 L
4.2	3 Apr, 2023	1 C 3 H 13 M 0 L
4.2rc1	20 Mar, 2023	1 C 2 H 12 M 0 L
4.2b1	20 Feb, 2023	1 C 2 H 12 M 0 L
4.2a1	17 Jan, 2023	1 C 2 H 12 M 0 L
4.1.13	1 Nov, 2023	1 C 0 H 10 M 0 L
4.1.12	4 Oct, 2023	1 C 0 H 11 M 0 L
4.1.11	4 Sep, 2023	1 C 0 H 12 M 0 L
4.1.10	3 Jul, 2023	1 C 1 H 12 M 0 L
4.1.9	3 May, 2023	1 C 2 H 12 M 0 L
4.1.8	5 Apr, 2023	1 C 2 H 13 M 0 L
4.1.7	14 Feb, 2023	1 C 2 H 13 M 0 L
4.1.6	1 Feb, 2023	1 C 3 H 13 M 0 L
4.1.5	2 Jan, 2023	1 C 4 H 13 M 0 L
4.1.4	6 Dec, 2022	1 C 4 H 13 M 0 L
4.1.3	1 Nov, 2022	1 C 4 H 13 M 0 L
4.1.2	4 Oct, 2022	1 C 4 H 13 M 0 L
4.1.1	5 Sep, 2022	1 C 4 H 14 M 0 L
4.1	3 Aug, 2022	1 C 4 H 14 M 0 L
4.1rc1	19 Jul, 2022	1 C 4 H 14 M 0 L
4.1b1	21 Jun, 2022	1 C 3 H 14 M 0 L
4.1a1	18 May, 2022	1 C 3 H 14 M 0 L
4.0.10	14 Feb, 2023	1 C 2 H 12 M 0 L
4.0.9	1 Feb, 2023	1 C 3 H 12 M 0 L
4.0.8	4 Oct, 2022	1 C 4 H 12 M 0 L
4.0.7	3 Aug, 2022	1 C 4 H 13 M 0 L
4.0.6	4 Jul, 2022	1 C 5 H 13 M 0 L
4.0.5	1 Jun, 2022	2 C 5 H 13 M 0 L
4.0.4	11 Apr, 2022	2 C 5 H 13 M 0 L
4.0.3	1 Mar, 2022	4 C 5 H 13 M 0 L
4.0.2	1 Feb, 2022	4 C 5 H 13 M 0 L
4.0.1	4 Jan, 2022	4 C 6 H 14 M 0 L
4.0	7 Dec, 2021	4 C 6 H 15 M 2 L
4.0rc1	22 Nov, 2021	2 C 4 H 12 M 0 L
4.0b1	25 Oct, 2021	2 C 4 H 12 M 0 L
4.0a1	21 Sep, 2021	2 C 4 H 12 M 0 L
3.2.25	4 Mar, 2024	1 C 0 H 9 M 0 L
3.2.24	6 Feb, 2024	1 C 0 H 10 M 0 L
3.2.23	1 Nov, 2023	1 C 1 H 10 M 0 L
3.2.22	4 Oct, 2023	1 C 1 H 11 M 0 L
3.2.21	4 Sep, 2023	1 C 1 H 12 M 0 L
3.2.20	3 Jul, 2023	1 C 2 H 12 M 0 L
3.2.19	3 May, 2023	1 C 3 H 12 M 0 L
3.2.18	14 Feb, 2023	1 C 3 H 13 M 0 L
3.2.17	1 Feb, 2023	1 C 4 H 13 M 0 L
3.2.16	4 Oct, 2022	1 C 5 H 13 M 0 L
3.2.15	3 Aug, 2022	1 C 5 H 14 M 0 L
3.2.14	4 Jul, 2022	1 C 6 H 14 M 0 L
3.2.13	11 Apr, 2022	2 C 6 H 14 M 0 L
3.2.12	1 Feb, 2022	4 C 6 H 14 M 0 L
3.2.11	4 Jan, 2022	4 C 7 H 15 M 0 L
3.2.10	7 Dec, 2021	4 C 7 H 16 M 2 L
3.2.9	1 Nov, 2021	4 C 7 H 17 M 2 L
3.2.8	5 Oct, 2021	4 C 7 H 17 M 2 L
3.2.7	1 Sep, 2021	4 C 7 H 17 M 2 L
3.2.6	2 Aug, 2021	4 C 7 H 17 M 2 L
3.2.5	1 Jul, 2021	4 C 7 H 17 M 2 L
3.2.4	2 Jun, 2021	4 C 8 H 17 M 2 L
3.2.3	13 May, 2021	4 C 9 H 18 M 2 L
3.2.2	6 May, 2021	4 C 9 H 18 M 2 L
3.2.1	4 May, 2021	4 C 10 H 18 M 2 L
3.2	6 Apr, 2021	4 C 10 H 18 M 3 L
3.2rc1	18 Mar, 2021	4 C 6 H 16 M 2 L
3.2b1	19 Feb, 2021	4 C 6 H 16 M 2 L
3.2a1	19 Jan, 2021	4 C 6 H 16 M 2 L

See all versions

Django vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Package versions