django vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

4.1
latest non vulnerable version

4.1
first published

12 years ago
latest version published

16 days ago
licenses detected
- BSD-2-Clause
  [1.0.1,3.1a1)
- BSD-3-Clause
  [3.1a1,)
View django package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the django package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Reflected File Download (RFD)	(,3.2.15) [4.0a1,4.0.7) [4.1rc1,4.1)
C SQL Injection	(,3.2.14) [4.0a1,4.0.6)
H SQL Injection	(,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
H SQL Injection	(,2.2.28) [3.0,3.2.13) [4.0,4.0.4)
M Cross-site Scripting (XSS)	(,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
M Denial of Service (DoS)	(,2.2.27) [3.0,3.2.12) [4.0,4.0.2)
L Directory Traversal	(,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
L Information Exposure	(,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
M Denial of Service (DoS)	(,2.2.26) [3.0,3.2.11) [4.0,4.0.1)
M Access Restriction Bypass	(,2.2.25) [3.0,3.1.14) [3.2,3.2.10)
H SQL Injection	[3.2a1,3.2.5) [3.1a1,3.1.13)
H Directory Traversal	[3.2,3.2.4) [3.1,3.1.12) (,2.2.24)
M Improper Input Validation	[2.2,2.2.24) [3.1,3.1.12) [3.2,3.2.4)
H HTTP Header Injection	[3.2,3.2.2) [3.0,3.1.10) (,2.2.22)
L Directory Traversal	(,2.2.21) [3.0,3.1.9) [3.2,3.2.1)
L Directory Traversal	[2.2,2.2.20) [3.0,3.0.14) [3.1,3.1.8)
M Web Cache Poisoning	[2.2,2.2.19) [3.0,3.0.13) [3.1,3.1.7)
L Directory Traversal	[1.4,2.2.18) [3.0a1,3.0.12) [3.1a1,3.1.6)
H Insecure Permissions	[2.2,2.2.16) [3.0,3.0.10) [3.1,3.1.1)
H Insecure Permissions	[2.2,2.2.16) [3.0,3.0.10) [3.1,3.1.1)
M Information Exposure	[3.0,3.0.7) [2.2,2.2.13)
M Cross-site Scripting (XSS)	[3.0.0,3.0.7) [2.2.0,2.2.13)
H SQL Injection	[3.0,3.0.4) [2.2,2.2.11) (,1.11.29)
H SQL Injection	[3.0,3.0.3) [2.2,2.2.10) [1.11,1.11.28)
M Account Hijacking	[3.0.0,3.0.1) [2.2.0,2.2.9) [1.11.0,1.11.27)
M Privilege Escalation	[2.1,2.1.15) [2.2,2.2.8)
M SQL Injection	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
M Denial of Service (DoS)	[1.11,1.11.23) [2.1,2.1.11) [2.2,2.2.4)
H Man-in-the-Middle (MitM)	[1.11.0,1.11.22) [2.1.0,2.1.10) [2.2.0,2.2.3)
L Cross-site Scripting (XSS)	[1.11.0,1.11.21) [2.1.0,2.1.9) [2.2.0,2.2.2)
M Uncontrolled Memory Consumption	[1.11.0,1.11.19) [2.0.0,2.0.11) [2.1.0,2.1.6)
M Content Spoofing	(,1.11.18) [2.0.0,2.0.10) [2.1.0,2.1.5)
M Information Exposure	[2.1.0,2.1.2)
M Open Redirect	(,1.11.15) [2.0.0,2.0.8)
M Regular Expression Denial of Service (ReDoS)	(,1.0.4) [1.1,1.1.1)
L Denial of Service (DoS)	(,0.91.1) [0.95,0.95.1) [0.96,0.96.1)
M Information Exposure	[1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)
M Regular Expression Denial of Service (ReDoS)	[1.7,1.8.19) [1.9,1.11.11) [2,2.0.3)
H Information Exposure	[2,2.0.2) [1.11.8,1.11.10)
M Cross-site Scripting (XSS)	[1.9,1.10.8) [1.11a1,1.11.5)
M Open Redirect	(,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
M Open Redirect	(,1.8.18) [1.9,1.9.13) [1.10,1.10.7)
H DNS Rebinding	(,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
C Use of hardcoded DB password	(,1.8.16) [1.9,1.9.11) [1.10,1.10.3)
M Denial of Service (DoS)	(,1.3.6) [1.4,1.4.4)
H Cross-site Request Forgery (CSRF)	(,1.8.15) [1.9,1.9.10)
M Cross-site Scripting (XSS)	(,1.8.14) [1.9.0,1.9.8)
L Timing Attack	(,1.8.10) [1.9,1.9.3)
H Cross-site Scripting (XSS)	(,1.8.10) [1.9,1.9.3)
M Access Restriction Bypass	[1.9,1.9.2)
M Information Exposure	(,1.7.11) [1.8,1.8.7)
M Denial of Service (DoS)	(,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
M Denial of Service (DoS)	(,1.4.22) [1.5,1.7.10) [1.8,1.8.4)
H Denial of Service (DoS)	(,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
M HTTP Response Splitting	(,1.4.21) [1.5,1.7.9) [1.8,1.8.3)
H Denial of Service (DoS)	[1.8,1.8.3)
M Session Hijacking	[1.8,1.8.2)
M Denial of Service (DoS)	(,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
M Cross-site Scripting (XSS)	(,1.4.20) [1.5,1.6.11) [1.7,1.7.7)
M Cross-site Scripting (XSS)	[1.7,1.7.6)
M WSGI Header Spoofing	(,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Cross-site Scripting (XSS)	(,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Denial of Service (DoS)	(,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
M Denial of Service (DoS)	(,1.4.18) [1.5,1.6.10) [1.7,1.7.3)
L Information Exposure	(,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Malicious Link Generation	(,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Denial of Service (DoS)	(,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Session Hijacking	(,1.4.14) [1.5,1.5.9) [1.6,1.6.6)
M Web Cache Poisoning	(,1.4.13) [1.5,1.5.8) [1.6,1.6.5)
M Open Redirect	(,1.4.13) [1.5,1.5.8) [1.6,1.6.5)
M Cross-site Request Forgery (CSRF)	(,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
C SQL Injection	(,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
M Arbitrary Code Execution	(,1.4.11) [1.5,1.5.6) [1.6,1.6.3) [1.7,1.7.1)
M Directory Traversal	(,1.4.7) [1.5,1.5.3)
M Denial of Service (DoS)	(,1.4.8) [1.5,1.5.4)
M Cross-site Scripting (XSS)	(,1.4.6) [1.5,1.5.2)
M Cross-site Scripting (XSS)	(,1.4.6) [1.5,1.5.2)
M XML External Entity (XXE) Injection	(,1.3.6) [1.4,1.4.4)
M Information Exposure	(,1.3.6) [1.4,1.4.4)
M Denial of Service (DoS)	(,1.3.6) [1.4,1.4.4)
M Host Header Poisoning	(,1.3.4) [1.4,1.4.2)
M Cross-site Scripting (XSS)	(,1.3.2) [1.4,1.4.1)
M Denial of Service (DoS)	(,1.3.2) [1.4,1.4.1)
M Denial of Service (DoS)	(,1.3.2) [1.4,1.4.1)
M Session Manipulation	(,1.2.7) [1.3,1.3.1)
M Denial of Service (DoS)	(,1.2.7) [1.3,1.3.1)
M Arbitrary Request Generation	(,1.2.7) [1.3,1.3.1)
M Web Cache Poisoning	(,1.2.7) [1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	(,1.2.7) [1.3,1.3.1)
L Information Exposure	(,1.2.7) [1.3,1.3.1)
M Cross-site Request Forgery (CSRF)	(,1.1.4) [1.2,1.2.5)
M Cross-site Scripting (XSS)	(,1.1.4) [1.2,1.2.5)
H Directory Traversal	(,1.1.4) [1.2,1.2.5)
M Information Exposure	(,1.1.3) [1.2,1.2.4)
M Denial of Service (DoS)	(,1.1.3) [1.2,1.2.4)
M Cross-site Scripting (XSS)	[1.2,1.2.2)

Package versions

1 - 100 of 300 Results

version	published	direct vulnerabilities
4.1	3 Aug, 2022	0 C 0 H 0 M 0 L
4.1rc1	19 Jul, 2022	0 C 0 H 0 M 0 L
4.1b1	21 Jun, 2022	0 C 0 H 0 M 0 L
4.1a1	18 May, 2022	0 C 0 H 0 M 0 L
4.0.7	3 Aug, 2022	0 C 0 H 0 M 0 L
4.0.6	4 Jul, 2022	0 C 1 H 0 M 0 L
4.0.5	1 Jun, 2022	1 C 1 H 0 M 0 L
4.0.4	11 Apr, 2022	1 C 1 H 0 M 0 L
4.0.3	1 Mar, 2022	1 C 3 H 0 M 0 L
4.0.2	1 Feb, 2022	1 C 3 H 0 M 0 L
4.0.1	4 Jan, 2022	1 C 3 H 2 M 0 L
4.0	7 Dec, 2021	1 C 3 H 3 M 2 L
4.0rc1	22 Nov, 2021	1 C 3 H 3 M 2 L
4.0b1	25 Oct, 2021	1 C 3 H 3 M 2 L
4.0a1	21 Sep, 2021	1 C 3 H 3 M 2 L
3.2.15	3 Aug, 2022	0 C 0 H 0 M 0 L
3.2.14	4 Jul, 2022	0 C 1 H 0 M 0 L
3.2.13	11 Apr, 2022	1 C 1 H 0 M 0 L
3.2.12	1 Feb, 2022	1 C 3 H 0 M 0 L
3.2.11	4 Jan, 2022	1 C 3 H 2 M 0 L
3.2.10	7 Dec, 2021	1 C 3 H 3 M 2 L
3.2.9	1 Nov, 2021	1 C 3 H 4 M 2 L
3.2.8	5 Oct, 2021	1 C 3 H 4 M 2 L
3.2.7	1 Sep, 2021	1 C 3 H 4 M 2 L
3.2.6	2 Aug, 2021	1 C 3 H 4 M 2 L
3.2.5	1 Jul, 2021	1 C 3 H 4 M 2 L
3.2.4	2 Jun, 2021	1 C 4 H 4 M 2 L
3.2.3	13 May, 2021	1 C 5 H 5 M 2 L
3.2.2	6 May, 2021	1 C 5 H 5 M 2 L
3.2.1	4 May, 2021	1 C 6 H 5 M 2 L
3.2	6 Apr, 2021	1 C 6 H 5 M 3 L
3.2rc1	18 Mar, 2021	1 C 6 H 5 M 3 L
3.2b1	19 Feb, 2021	1 C 6 H 5 M 3 L
3.2a1	19 Jan, 2021	1 C 6 H 5 M 3 L
3.1.14	7 Dec, 2021	1 C 3 H 3 M 2 L
3.1.13	1 Jul, 2021	1 C 3 H 4 M 2 L
3.1.12	2 Jun, 2021	1 C 4 H 4 M 2 L
3.1.11	13 May, 2021	1 C 5 H 5 M 2 L
3.1.10	6 May, 2021	1 C 5 H 5 M 2 L
3.1.9	4 May, 2021	1 C 6 H 5 M 2 L
3.1.8	6 Apr, 2021	1 C 6 H 5 M 3 L
3.1.7	19 Feb, 2021	1 C 6 H 5 M 4 L
3.1.6	1 Feb, 2021	1 C 6 H 6 M 4 L
3.1.5	4 Jan, 2021	1 C 6 H 6 M 5 L
3.1.4	1 Dec, 2020	1 C 6 H 6 M 5 L
3.1.3	2 Nov, 2020	1 C 6 H 6 M 5 L
3.1.2	1 Oct, 2020	1 C 6 H 6 M 5 L
3.1.1	1 Sep, 2020	1 C 6 H 6 M 5 L
3.1	4 Aug, 2020	1 C 8 H 6 M 5 L
3.1rc1	20 Jul, 2020	1 C 8 H 6 M 5 L
3.1b1	15 Jun, 2020	1 C 8 H 6 M 5 L
3.1a1	14 May, 2020	1 C 8 H 6 M 5 L
3.0.14	6 Apr, 2021	1 C 4 H 4 M 3 L
3.0.13	19 Feb, 2021	1 C 4 H 4 M 4 L
3.0.12	1 Feb, 2021	1 C 4 H 5 M 4 L
3.0.11	2 Nov, 2020	1 C 4 H 5 M 5 L
3.0.10	1 Sep, 2020	1 C 4 H 5 M 5 L
3.0.9	3 Aug, 2020	1 C 6 H 5 M 5 L
3.0.8	1 Jul, 2020	1 C 6 H 5 M 5 L
3.0.7	3 Jun, 2020	1 C 6 H 5 M 5 L
3.0.6	4 May, 2020	1 C 6 H 7 M 5 L
3.0.5	1 Apr, 2020	1 C 6 H 7 M 5 L
3.0.4	4 Mar, 2020	1 C 6 H 7 M 5 L
3.0.3	3 Feb, 2020	1 C 7 H 7 M 5 L
3.0.2	2 Jan, 2020	1 C 8 H 7 M 5 L
3.0.1	18 Dec, 2019	1 C 8 H 7 M 5 L
3.0	2 Dec, 2019	1 C 8 H 8 M 5 L
3.0rc1	18 Nov, 2019	1 C 8 H 8 M 5 L
3.0b1	14 Oct, 2019	1 C 8 H 8 M 5 L
3.0a1	10 Sep, 2019	1 C 8 H 8 M 5 L
2.2.28	11 Apr, 2022	1 C 1 H 0 M 0 L
2.2.27	1 Feb, 2022	1 C 3 H 0 M 0 L
2.2.26	4 Jan, 2022	1 C 3 H 2 M 0 L
2.2.25	7 Dec, 2021	1 C 3 H 3 M 2 L
2.2.24	2 Jun, 2021	1 C 3 H 4 M 2 L
2.2.23	13 May, 2021	1 C 4 H 5 M 2 L
2.2.22	6 May, 2021	1 C 4 H 5 M 2 L
2.2.21	4 May, 2021	1 C 5 H 5 M 2 L
2.2.20	6 Apr, 2021	1 C 5 H 5 M 3 L
2.2.19	19 Feb, 2021	1 C 5 H 5 M 4 L
2.2.18	1 Feb, 2021	1 C 5 H 6 M 4 L
2.2.17	2 Nov, 2020	1 C 5 H 6 M 5 L
2.2.16	1 Sep, 2020	1 C 5 H 6 M 5 L
2.2.15	3 Aug, 2020	1 C 7 H 6 M 5 L
2.2.14	1 Jul, 2020	1 C 7 H 6 M 5 L
2.2.13	3 Jun, 2020	1 C 7 H 6 M 5 L
2.2.12	1 Apr, 2020	1 C 7 H 8 M 5 L
2.2.11	4 Mar, 2020	1 C 7 H 8 M 5 L
2.2.10	3 Feb, 2020	1 C 8 H 8 M 5 L
2.2.9	18 Dec, 2019	1 C 9 H 8 M 5 L
2.2.8	2 Dec, 2019	1 C 9 H 9 M 5 L
2.2.7	4 Nov, 2019	1 C 9 H 10 M 5 L
2.2.6	1 Oct, 2019	1 C 9 H 10 M 5 L
2.2.5	2 Sep, 2019	1 C 9 H 10 M 5 L
2.2.4	1 Aug, 2019	1 C 9 H 10 M 5 L
2.2.3	1 Jul, 2019	1 C 9 H 14 M 5 L
2.2.2	3 Jun, 2019	1 C 10 H 14 M 5 L
2.2.1	1 May, 2019	1 C 10 H 14 M 6 L
2.2	1 Apr, 2019	1 C 10 H 14 M 6 L
2.2rc1	18 Mar, 2019	1 C 10 H 14 M 6 L

See all versions

django vulnerabilities

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Package versions