django vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

5.1.5

latest non vulnerable version

5.2a1

first published

14 years ago

latest version published

13 days ago

licenses detected

BSD-3-Clause
[3.1a1,)
BSD-2-Clause
[1.0.1,3.1a1)

View django package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Denial of Service (DoS)	[4.2,4.2.18)[5.0,5.0.11)[5.1,5.1.5)
M Denial of Service (DoS)	[4.2,4.2.18)[5.0,5.0.11)[5.1,5.1.5)
C SQL Injection	[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)
H Command Injection	[,4.2.17)[5.0,5.0.10)[5.1a1,5.1.4)
M Denial of Service (DoS)	[,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1)
M Improper Check for Unusual or Exceptional Conditions	[,4.2.16)[5.0a1,5.0.9)[5.1a1,5.1.1)
C SQL Injection	[,4.2.15)[5.0,5.0.8)
M Uncontrolled Resource Consumption	[,4.2.15)[5.0,5.0.8)
M Denial of Service (DoS)	[,4.2.15)[5.0,5.0.8)
M Denial of Service (DoS)	[,4.2.15)[5.0,5.0.8)
M Timing Attack	[,4.2.14)[5.0a1,5.0.7)
M Directory Traversal	[,4.2.14)[5.0a1,5.0.7)
M Denial of Service (DoS)	[,4.2.14)[5.0a1,5.0.7)
M Denial of Service (DoS)	[,4.2.14)[5.0a1,5.0.7)
H Denial of Service (DoS)	[1.3.6,1.4.4)
H Denial of Service (DoS)	[1.3.6,1.4.4)
M Regular Expression Denial of Service (ReDoS)	[,3.2.25)[4.0a1,4.2.11)[5.0a1,5.0.3)
H Denial of Service (DoS)	[3.2,3.2.24)[4.2,4.2.10)[5.0,5.0.2)
M Cross-site Scripting (XSS)	[1.5,1.5.2)
M Denial of Service (DoS)	[,3.2.23)[4.0a1,4.1.13)[4.2a1,4.2.7)
M Regular Expression Denial of Service (ReDoS)	[,3.2.22)[4.0,4.1.12)[4.2,4.2.6)
H Denial of Service (DoS)	[,3.2.21)[4.0a1,4.1.11)[4.2a1,4.2.5)
H Regular Expression Denial of Service (ReDoS)	[,3.2.20)[4.0a1,4.1.10)[4.2a1,4.2.3)
M Arbitrary File Upload	[,3.2.19)[4.1a1,4.1.9)[4.2a1,4.2.1)
M Cross-site Scripting (XSS)	[,1.1.3)
H Denial of Service (DoS)	[,3.2.18)[4.0a1,4.0.10)[4.1a1,4.1.7)
H Denial of Service (DoS)	[3.2,3.2.17)[4.0,4.0.9)[4.1,4.1.6)
M Denial of Service (DoS)	[4.1a1,4.1.2)[4.0a1,4.0.8)[3.2a1,3.2.16)
H Reflected File Download (RFD)	[,3.2.15)[4.0a1,4.0.7)[4.1rc1,4.1)
C SQL Injection	[,3.2.14)[4.0a1,4.0.6)
C SQL Injection	[,2.2.28)[3.0,3.2.13)[4.0,4.0.4)
C SQL Injection	[,2.2.28)[3.0,3.2.13)[4.0,4.0.4)
M Cross-site Scripting (XSS)	[,2.2.27)[3.0,3.2.12)[4.0,4.0.2)
H Denial of Service (DoS)	[,2.2.27)[3.0,3.2.12)[4.0,4.0.2)
L Directory Traversal	[,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
L Information Exposure	[,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
M Denial of Service (DoS)	[,2.2.26)[3.0,3.2.11)[4.0,4.0.1)
M Access Restriction Bypass	[,2.2.25)[3.0,3.1.14)[3.2,3.2.10)
H SQL Injection	[3.2a1,3.2.5)[3.1a1,3.1.13)
H Directory Traversal	[3.2,3.2.4)[3.1,3.1.12)[,2.2.24)
M Improper Input Validation	[2.2,2.2.24)[3.1,3.1.12)[3.2,3.2.4)
H HTTP Header Injection	[3.2,3.2.2)[3.0,3.1.10)[,2.2.22)
L Directory Traversal	[,2.2.21)[3.0,3.1.9)[3.2,3.2.1)
L Directory Traversal	[2.2,2.2.20)[3.0,3.0.14)[3.1,3.1.8)
M Web Cache Poisoning	[2.2,2.2.19)[3.0,3.0.13)[3.1,3.1.7)
L Directory Traversal	[1.4,2.2.18)[3.0a1,3.0.12)[3.1a1,3.1.6)
H Insecure Permissions	[2.2,2.2.16)[3.0,3.0.10)[3.1,3.1.1)
H Insecure Permissions	[2.2,2.2.16)[3.0,3.0.10)[3.1,3.1.1)
M Information Exposure	[3.0,3.0.7)[2.2,2.2.13)
M Cross-site Scripting (XSS)	[3.0.0,3.0.7)[2.2.0,2.2.13)
H SQL Injection	[3.0,3.0.4)[2.2,2.2.11)[,1.11.29)
H SQL Injection	[3.0,3.0.3)[2.2,2.2.10)[1.11,1.11.28)
M Account Hijacking	[3.0.0,3.0.1)[2.2.0,2.2.9)[1.11.0,1.11.27)
M Privilege Escalation	[2.1,2.1.15)[2.2,2.2.8)
M SQL Injection	[1.11,1.11.23)[2.1,2.1.11)[2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23)[2.1,2.1.11)[2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23)[2.1,2.1.11)[2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23)[2.1,2.1.11)[2.2,2.2.4)
H Man-in-the-Middle (MitM)	[1.11.0,1.11.22)[2.1.0,2.1.10)[2.2.0,2.2.3)
L Cross-site Scripting (XSS)	[1.11.0,1.11.21)[2.1.0,2.1.9)[2.2.0,2.2.2)
M Uncontrolled Memory Consumption	[1.11.0,1.11.19)[2.0.0,2.0.11)[2.1.0,2.1.6)
M Content Spoofing	[,1.11.18)[2.0.0,2.0.10)[2.1.0,2.1.5)
M Information Exposure	[2.1.0,2.1.2)
M Open Redirect	[,1.11.15)[2.0.0,2.0.8)
M Regular Expression Denial of Service (ReDoS)	[,1.0.4)[1.1,1.1.1)
L Denial of Service (DoS)	[,0.91.1)[0.95,0.95.1)[0.96,0.96.1)
M Information Exposure	[1.7,1.8.19)[1.9,1.11.11)[2,2.0.3)
M Regular Expression Denial of Service (ReDoS)	[1.7,1.8.19)[1.9,1.11.11)[2,2.0.3)
H Information Exposure	[2,2.0.2)[1.11.8,1.11.10)
M Cross-site Scripting (XSS)	[1.9,1.10.8)[1.11a1,1.11.5)
M Open Redirect	[,1.8.18)[1.9,1.9.13)[1.10,1.10.7)
M Open Redirect	[,1.8.18)[1.9,1.9.13)[1.10,1.10.7)
H DNS Rebinding	[,1.8.16)[1.9,1.9.11)[1.10,1.10.3)
C Use of hardcoded DB password	[,1.8.16)[1.9,1.9.11)[1.10,1.10.3)
M Denial of Service (DoS)	[,1.3.6)[1.4,1.4.4)
H Cross-site Request Forgery (CSRF)	[,1.8.15)[1.9,1.9.10)
M Cross-site Scripting (XSS)	[,1.8.14)[1.9.0,1.9.8)
L Timing Attack	[,1.8.10)[1.9,1.9.3)
H Cross-site Scripting (XSS)	[,1.8.10)[1.9,1.9.3)
M Access Restriction Bypass	[1.9,1.9.2)
M Information Exposure	[,1.7.11)[1.8,1.8.7)
M Denial of Service (DoS)	[,1.4.22)[1.5,1.7.10)[1.8,1.8.4)
M Denial of Service (DoS)	[,1.4.22)[1.5,1.7.10)[1.8,1.8.4)
H Denial of Service (DoS)	[,1.4.21)[1.5,1.7.9)[1.8,1.8.3)
M HTTP Response Splitting	[,1.4.21)[1.5,1.7.9)[1.8,1.8.3)
H Denial of Service (DoS)	[1.8,1.8.3)
M Session Hijacking	[1.8,1.8.2)
M Denial of Service (DoS)	[,1.4.20)[1.5,1.6.11)[1.7,1.7.7)
M Cross-site Scripting (XSS)	[,1.4.20)[1.5,1.6.11)[1.7,1.7.7)
M Cross-site Scripting (XSS)	[1.7,1.7.6)
M WSGI Header Spoofing	[,1.4.18)[1.5,1.6.10)[1.7,1.7.3)
M Cross-site Scripting (XSS)	[,1.4.18)[1.5,1.6.10)[1.7,1.7.3)
M Denial of Service (DoS)	[,1.4.18)[1.5,1.6.10)[1.7,1.7.3)
M Denial of Service (DoS)	[,1.4.18)[1.5,1.6.10)[1.7,1.7.3)
M Malicious Link Generation	[,1.4.14)[1.5,1.5.9)[1.6,1.6.6)
M Denial of Service (DoS)	[,1.4.14)[1.5,1.5.9)[1.6,1.6.6)
L Information Exposure	[,1.4.14)[1.5,1.5.9)[1.6,1.6.6)
M Session Hijacking	[,1.4.14)[1.5,1.5.9)[1.6,1.6.6)
M Web Cache Poisoning	[,1.4.13)[1.5,1.5.8)[1.6,1.6.5)
M Open Redirect	[,1.4.13)[1.5,1.5.8)[1.6,1.6.5)
M Cross-site Request Forgery (CSRF)	[,1.4.11)[1.5,1.5.6)[1.6,1.6.3)[1.7,1.7.1)
C SQL Injection	[,1.4.11)[1.5,1.5.6)[1.6,1.6.3)[1.7,1.7.1)
M Arbitrary Code Execution	[,1.4.11)[1.5,1.5.6)[1.6,1.6.3)[1.7,1.7.1)
M Directory Traversal	[,1.4.7)[1.5,1.5.3)
M Denial of Service (DoS)	[,1.4.8)[1.5,1.5.4)
M Cross-site Scripting (XSS)	[,1.4.6)[1.5,1.5.2)
M Cross-site Scripting (XSS)	[,1.4.6)[1.5,1.5.2)
M XML External Entity (XXE) Injection	[,1.3.6)[1.4,1.4.4)
M Information Exposure	[,1.3.6)[1.4,1.4.4)
M Denial of Service (DoS)	[,1.3.6)[1.4,1.4.4)
M Host Header Poisoning	[,1.3.4)[1.4,1.4.2)
M Cross-site Scripting (XSS)	[,1.3.2)[1.4,1.4.1)
M Denial of Service (DoS)	[,1.3.2)[1.4,1.4.1)
M Denial of Service (DoS)	[,1.3.2)[1.4,1.4.1)
M Session Manipulation	[,1.2.7)[1.3,1.3.1)
M Denial of Service (DoS)	[,1.2.7)[1.3,1.3.1)
M Arbitrary Request Generation	[,1.2.7)[1.3,1.3.1)
M Web Cache Poisoning	[,1.2.7)[1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	[,1.2.7)[1.3,1.3.1)
L Information Exposure	[,1.2.7)[1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	[,1.1.4)[1.2,1.2.5)
M Cross-site Scripting (XSS)	[,1.1.4)[1.2,1.2.5)
H Directory Traversal	[,1.1.4)[1.2,1.2.5)
M Information Exposure	[,1.1.3)[1.2,1.2.4)
M Denial of Service (DoS)	[,1.1.3)[1.2,1.2.4)
M Cross-site Scripting (XSS)	[1.2,1.2.2)

Package versions

1 - 100 of 373 Results

version	published	direct vulnerabilities
5.2a1	16 Jan, 2025	0 C 0 H 0 M 0 L
5.1.5	14 Jan, 2025	0 C 0 H 0 M 0 L
5.1.4	4 Dec, 2024	0 C 0 H 2 M 0 L
5.1.3	5 Nov, 2024	1 C 1 H 2 M 0 L
5.1.2	8 Oct, 2024	1 C 1 H 2 M 0 L
5.1.1	3 Sep, 2024	1 C 1 H 2 M 0 L
5.1	7 Aug, 2024	1 C 1 H 4 M 0 L
5.1rc1	24 Jul, 2024	1 C 1 H 2 M 0 L
5.1b1	26 Jun, 2024	1 C 1 H 2 M 0 L
5.1a1	22 May, 2024	1 C 1 H 2 M 0 L
5.0.11	14 Jan, 2025	0 C 0 H 0 M 0 L
5.0.10	4 Dec, 2024	0 C 0 H 2 M 0 L
5.0.9	3 Sep, 2024	1 C 1 H 2 M 0 L
5.0.8	6 Aug, 2024	1 C 1 H 4 M 0 L
5.0.7	9 Jul, 2024	2 C 1 H 7 M 0 L
5.0.6	7 May, 2024	2 C 1 H 11 M 0 L
5.0.5	6 May, 2024	2 C 1 H 11 M 0 L
5.0.4	3 Apr, 2024	2 C 1 H 11 M 0 L
5.0.3	4 Mar, 2024	2 C 1 H 11 M 0 L
5.0.2	6 Feb, 2024	2 C 1 H 12 M 0 L
5.0.1	2 Jan, 2024	2 C 2 H 12 M 0 L
5.0	4 Dec, 2023	2 C 2 H 12 M 0 L
5.0rc1	20 Nov, 2023	0 C 0 H 7 M 0 L
5.0b1	23 Oct, 2023	0 C 0 H 7 M 0 L
5.0a1	18 Sep, 2023	0 C 0 H 7 M 0 L
4.2.18	14 Jan, 2025	0 C 0 H 0 M 0 L
4.2.17	4 Dec, 2024	0 C 0 H 2 M 0 L
4.2.16	3 Sep, 2024	1 C 1 H 2 M 0 L
4.2.15	6 Aug, 2024	1 C 1 H 4 M 0 L
4.2.14	9 Jul, 2024	2 C 1 H 7 M 0 L
4.2.13	7 May, 2024	2 C 1 H 11 M 0 L
4.2.12	6 May, 2024	2 C 1 H 11 M 0 L
4.2.11	4 Mar, 2024	2 C 1 H 11 M 0 L
4.2.10	6 Feb, 2024	2 C 1 H 12 M 0 L
4.2.9	2 Jan, 2024	2 C 2 H 12 M 0 L
4.2.8	4 Dec, 2023	2 C 2 H 12 M 0 L
4.2.7	1 Nov, 2023	2 C 2 H 12 M 0 L
4.2.6	4 Oct, 2023	2 C 2 H 13 M 0 L
4.2.5	4 Sep, 2023	2 C 2 H 14 M 0 L
4.2.4	1 Aug, 2023	2 C 3 H 14 M 0 L
4.2.3	3 Jul, 2023	2 C 3 H 14 M 0 L
4.2.2	5 Jun, 2023	2 C 4 H 14 M 0 L
4.2.1	3 May, 2023	2 C 4 H 14 M 0 L
4.2	3 Apr, 2023	2 C 4 H 15 M 0 L
4.2rc1	20 Mar, 2023	2 C 3 H 12 M 0 L
4.2b1	20 Feb, 2023	2 C 3 H 12 M 0 L
4.2a1	17 Jan, 2023	2 C 3 H 12 M 0 L
4.1.13	1 Nov, 2023	2 C 1 H 10 M 0 L
4.1.12	4 Oct, 2023	2 C 1 H 11 M 0 L
4.1.11	4 Sep, 2023	2 C 1 H 12 M 0 L
4.1.10	3 Jul, 2023	2 C 2 H 12 M 0 L
4.1.9	3 May, 2023	2 C 3 H 12 M 0 L
4.1.8	5 Apr, 2023	2 C 3 H 13 M 0 L
4.1.7	14 Feb, 2023	2 C 3 H 13 M 0 L
4.1.6	1 Feb, 2023	2 C 4 H 13 M 0 L
4.1.5	2 Jan, 2023	2 C 5 H 13 M 0 L
4.1.4	6 Dec, 2022	2 C 5 H 13 M 0 L
4.1.3	1 Nov, 2022	2 C 5 H 13 M 0 L
4.1.2	4 Oct, 2022	2 C 5 H 13 M 0 L
4.1.1	5 Sep, 2022	2 C 5 H 14 M 0 L
4.1	3 Aug, 2022	2 C 5 H 14 M 0 L
4.1rc1	19 Jul, 2022	2 C 5 H 14 M 0 L
4.1b1	21 Jun, 2022	2 C 4 H 14 M 0 L
4.1a1	18 May, 2022	2 C 4 H 14 M 0 L
4.0.10	14 Feb, 2023	2 C 3 H 12 M 0 L
4.0.9	1 Feb, 2023	2 C 4 H 12 M 0 L
4.0.8	4 Oct, 2022	2 C 5 H 12 M 0 L
4.0.7	3 Aug, 2022	2 C 5 H 13 M 0 L
4.0.6	4 Jul, 2022	2 C 6 H 13 M 0 L
4.0.5	1 Jun, 2022	3 C 6 H 13 M 0 L
4.0.4	11 Apr, 2022	3 C 6 H 13 M 0 L
4.0.3	1 Mar, 2022	5 C 6 H 13 M 0 L
4.0.2	1 Feb, 2022	5 C 6 H 13 M 0 L
4.0.1	4 Jan, 2022	5 C 7 H 14 M 0 L
4.0	7 Dec, 2021	5 C 7 H 15 M 2 L
4.0rc1	22 Nov, 2021	3 C 5 H 12 M 0 L
4.0b1	25 Oct, 2021	3 C 5 H 12 M 0 L
4.0a1	21 Sep, 2021	3 C 5 H 12 M 0 L
3.2.25	4 Mar, 2024	2 C 1 H 9 M 0 L
3.2.24	6 Feb, 2024	2 C 1 H 10 M 0 L
3.2.23	1 Nov, 2023	2 C 2 H 10 M 0 L
3.2.22	4 Oct, 2023	2 C 2 H 11 M 0 L
3.2.21	4 Sep, 2023	2 C 2 H 12 M 0 L
3.2.20	3 Jul, 2023	2 C 3 H 12 M 0 L
3.2.19	3 May, 2023	2 C 4 H 12 M 0 L
3.2.18	14 Feb, 2023	2 C 4 H 13 M 0 L
3.2.17	1 Feb, 2023	2 C 5 H 13 M 0 L
3.2.16	4 Oct, 2022	2 C 6 H 13 M 0 L
3.2.15	3 Aug, 2022	2 C 6 H 14 M 0 L
3.2.14	4 Jul, 2022	2 C 7 H 14 M 0 L
3.2.13	11 Apr, 2022	3 C 7 H 14 M 0 L
3.2.12	1 Feb, 2022	5 C 7 H 14 M 0 L
3.2.11	4 Jan, 2022	5 C 8 H 15 M 0 L
3.2.10	7 Dec, 2021	5 C 8 H 16 M 2 L
3.2.9	1 Nov, 2021	5 C 8 H 17 M 2 L
3.2.8	5 Oct, 2021	5 C 8 H 17 M 2 L
3.2.7	1 Sep, 2021	5 C 8 H 17 M 2 L
3.2.6	2 Aug, 2021	5 C 8 H 17 M 2 L
3.2.5	1 Jul, 2021	5 C 8 H 17 M 2 L
3.2.4	2 Jun, 2021	5 C 9 H 17 M 2 L

See all versions