Search CVE reports
1 – 10 of 154 results
Some fixes available 2 of 7
Potential SQL injection via QuerySet.order_by and FilteredRelation
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Ignored | Ignored | Ignored |
Potential SQL injection in column aliases via control characters
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
Potential SQL injection via raster lookups on PostGIS
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
Potential denial-of-service vulnerability via repeated headers when using ASGI
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Not affected | Not affected |
Username enumeration through timing difference in mod_wsgi authentication handler
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Not affected |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a...
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Not affected | Not affected | Not affected | Not affected |
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
1 affected package
python-django
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-django | Not affected | Not affected | Not affected | Not affected |