django
django has 53 known security vulnerabilities in PyPI (Python). Upgrading to version 5.2.8 or later resolves every issue listed on this page. 5.2.8 is the patched release on the 5.2 series; the Fixed In column of the table gives the corresponding patch release for each series that was still supported when an advisory shipped. Data sourced from OSV, enriched with EPSS exploit probability and CISA KEV.
Recommended safe version: 5.2.8
Upgrading to 5.2.8 or later resolves all 53 known vulnerabilities in django. Run: pip install --upgrade "django>=5.2.8" and pin the resulting version in your lockfile. Moving across release series (for example from 3.2 or 4.2 to 5.2) changes the supported Python versions and removes deprecated APIs, so work through the Django release notes for each intermediate series rather than jumping blind.
Is django in your project?
Check the installed version with pip show django or python -m django --version, then compare it with the Fixed In entry for your release series. A series with no entry in that column was already out of support when the fix shipped; the only remediation is to move to a supported series.
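The comparison described above is branch-aware: Django backports a fix to several release series at once, so the fix that applies to you is the one on your own X.Y series, and a series with no listed fix needs a series upgrade rather than a patch bump. The following script performs that check. It is an added example, not code from this page or from the Django project; the function names (parse_version, assess, report, osv_query_body) and the ADVISORIES sample are constructed here, with the Fixed In values copied from three rows of the table below. The OSV endpoint named in osv_query_body is the public one at https://api.osv.dev/v1/query; the script builds the request body but makes no network call.

```python
import re

# Django version strings: X.Y, X.Y.Z, optionally with a pre-release tag (5.2a1, 5.2b1, 5.2rc1).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_FINAL_RANK = (3, 0)  # a final release sorts after every pre-release of the same X.Y.Z


def parse_version(text):
    """Turn a Django version string into a comparable tuple, or None if it is not one.

    Callers skip None entries: OSV's Fixed In data can also carry an upstream git
    commit id (see the PYSEC-2022-304 row), which has no place in a version comparison.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    major, minor, patch, tag, num = m.groups()
    pre = (_PRE_RANK[tag], int(num)) if tag else _FINAL_RANK
    return (int(major), int(minor), int(patch or 0), pre)


def fixed_on_series(installed, fixed_in):
    """Return the Fixed In entry that lives on the installed X.Y series, if any."""
    series = parse_version(installed)[:2]
    for entry in fixed_in:
        parsed = parse_version(entry)
        if parsed is not None and parsed[:2] == series:
            return entry
    return None


def assess(installed, fixed_in):
    """Classify an installed version against one advisory's Fixed In list.

    Returns (status, fix) where status is one of:
      'fixed'               installed >= the patch release on its own series
      'upgrade_patch'       a patch exists on this series; move to it
      'unsupported_series'  no patch on this series: it was end-of-life when the fix shipped
      'newer_than_fixed'    series is newer than every listed fix; the Affected column decides
    """
    current = parse_version(installed)
    if current is None:
        raise ValueError(f"unrecognised Django version: {installed!r}")
    fix = fixed_on_series(installed, fixed_in)
    if fix is not None:
        status = "fixed" if current >= parse_version(fix) else "upgrade_patch"
        return status, fix
    fixed_series = [p[:2] for p in map(parse_version, fixed_in) if p is not None]
    if fixed_series and current[:2] > max(fixed_series):
        return "newer_than_fixed", None
    return "unsupported_series", None


def osv_query_body(name, version, ecosystem="PyPI"):
    """Request body for POST https://api.osv.dev/v1/query, which returns the live
    advisory list for one package version. The request itself is not made here."""
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}


# Constructed sample input: Fixed In values copied from three rows of the table.
ADVISORIES = {
    "GHSA-frmv-pr5f-9mcr": ["5.2.8", "5.1.14", "4.2.26"],
    "GHSA-6w2r-r2m5-xq5w": ["4.2.24", "5.1.12", "5.2.6"],
    "PYSEC-2022-304": ["5b6b257fa7ec37ff27965358800c67e2dd11c924", "3.2.16", "4.0.8"],
}


def report(installed, advisories=ADVISORIES):
    """Map each advisory id to its (status, fix) assessment for the installed version."""
    return {aid: assess(installed, fixes) for aid, fixes in advisories.items()}


if __name__ == "__main__":
    # Example run for a 4.2 LTS install that is one patch release behind.
    for aid, (status, fix) in report("4.2.25").items():
        print(f"{aid}: {status}" + (f" -> {fix}" if fix else ""))
```

Feed report() the version that pip show django prints and the Fixed In lists of every row that interests you. The 'newer_than_fixed' outcome is deliberately not treated as safe: a series that started after the fix shipped is normally unaffected, but the table's Affected column, or the OSV query built by osv_query_body, is the authoritative check.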
Vulnerabilities
53 unique vulnerabilities, sorted by severity. Affected lists the first few vulnerable releases; Fixed In lists the first patched release on each series that received a backport. Rows with a PYSEC identifier come from the PyPI advisory database and carry no title or severity here; where a PYSEC row shows the same Fixed In releases as a GHSA row, the two records usually describe the same underlying CVE.
| CVE / GHSA | Severity | Affected | Fixed In |
|---|---|---|---|
| GHSA-frmv-pr5f-9mcr Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. | CRITICAL | 5.2, 5.2.1, 5.2.2, 5.2.3 (+404 more) | 5.2.8, 5.1.14, 4.2.26 |
| GHSA-xpfp-f569-q3p2 SQL Injection in Django | CRITICAL | 3.2, 3.2.1, 3.2.2, 3.2.3 (+38 more) | 3.2.5, 3.1.13 |
| GHSA-2gwj-7jmv-h26r SQL Injection in Django | CRITICAL | 2.2, 2.2.1, 2.2.10, 2.2.11 (+41 more) | 2.2.28, 3.2.13, 4.0.4 |
| GHSA-p64x-8rxx-wf6q Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection | CRITICAL | 3.2, 3.2.1, 3.2.10, 3.2.11 (+22 more) | 3.2.14, 4.0.6 |
| GHSA-r3xc-prgr-mg9p Django bypasses validation when using one form field to upload multiple files | CRITICAL | 3.2, 3.2.1, 3.2.10, 3.2.11 (+48 more) | 3.2.19, 4.1.9, 4.2.1 |
| GHSA-w24h-v9qh-8gxj SQL Injection in Django | CRITICAL | 2.2, 2.2.1, 2.2.10, 2.2.11 (+41 more) | 2.2.28, 3.2.13, 4.0.4 |
| GHSA-6w2r-r2m5-xq5w Django is subject to SQL injection through its column aliases | HIGH | 1.0.1, 1.0.2, 1.0.3, 1.0.4 (+398 more) | 4.2.24, 5.1.12, 5.2.6 |
| GHSA-8x94-hmjh-97hq Django vulnerable to Reflected File Download attack | HIGH | 1.0.1, 1.0.2, 1.0.3, 1.0.4 (+293 more) | 3.2.15, 4.0.7 |
| GHSA-m6gj-h9gm-gw44 Django Incorrect Default Permissions | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+32 more) | 2.2.16, 3.0.10, 3.1.1 |
| GHSA-p99v-5w3c-jqq9 Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+63 more) | 2.2.24, 3.1.12, 3.2.4 |
| GHSA-qw25-v68c-qjf3 Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows | HIGH | 5.2, 5.2.1, 5.2.2, 5.2.3 (+404 more) | 5.2.8, 5.1.14, 4.2.26 |
| GHSA-rxjp-mfm9-w4wr Path Traversal in Django | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+45 more) | 2.2.21, 3.1.9, 3.2.1 |
| GHSA-2hrw-hx67-34x6 Resource exhaustion in Django | HIGH | 3.2, 3.2.1, 3.2.10, 3.2.11 (+40 more) | 3.2.18, 4.1.7, 4.0.10 |
| GHSA-53qw-q765-4fww Denial-of-service in Django | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+43 more) | 2.2.26, 3.2.11, 4.0.1 |
| GHSA-6cw3-g6wv-c2xv Infinite Loop in Django | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+37 more) | 2.2.27, 3.2.12, 4.0.2 |
| GHSA-8c5j-9r9f-c6w8 Information disclosure in Django | HIGH | 2.2, 2.2.1, 2.2.10, 2.2.11 (+34 more) | 2.2.26, 3.2.11, 4.0.1 |
| GHSA-jh3w-4vvf-mjgr Django has regular expression denial of service vulnerability in EmailValidator/URLValidator | HIGH | 3.2, 3.2.1, 3.2.10, 3.2.11 (+52 more) | 3.2.20, 4.1.10, 4.2.3 |
| GHSA-q2jf-h9jm-m7p4 Django contains Uncontrolled Resource Consumption via cached header | HIGH | 3.2, 3.2.1, 3.2.10, 3.2.11 (+37 more) | 3.2.17, 4.0.9, 4.1.6 |
| GHSA-qrw5-5h28-6cmg Django denial-of-service vulnerability in internationalized URLs | HIGH | 3.2, 3.2.1, 3.2.10, 3.2.11 (+22 more) | 3.2.16, 4.0.8, 4.1.2 |
| GHSA-68w8-qjq3-2gfm Path Traversal in Django | MODERATE | 1.0.1, 1.0.2, 1.0.3, 1.0.4 (+262 more) | 2.2.24, 3.1.12, 3.2.4 |
| GHSA-7xr5-9hcq-chf9 Django Improper Output Neutralization for Logs vulnerability | MODERATE | 5.2, 5.2.1, 5.0, 5.0.1 (+386 more) | 5.2.2, 5.1.10, 4.2.22 |
| GHSA-fr28-569j-53c4 Django Incorrect Default Permissions | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+23 more) | 2.2.16, 3.0.10, 3.1.1 |
| GHSA-fvgf-6h6h-3322 Django Directory Traversal via archive.extract | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+32 more) | 2.2.18, 3.1.6, 3.0.12 |
| GHSA-qm57-vhq3-3fwf Header injection possible in Django | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+30 more) | 2.2.22, 3.1.10, 3.2.2 |
| GHSA-rrqc-c2jx-6jgv Django allows enumeration of user e-mail addresses | MODERATE | 5.1, 5.0, 5.0.1, 5.0.2 (+357 more) | 5.1.1, 5.0.9, 4.2.16 |
| GHSA-v6rh-hp5x-86rv Potential bypass of an upstream access control based on URL paths in Django | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+72 more) | 2.2.25, 3.1.14, 3.2.10 |
| GHSA-xgxc-v2qg-chmh Directory Traversal in Django | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+47 more) | 2.2.20, 3.0.14, 3.1.8 |
| GHSA-95rw-fx8r-36v6 Cross-site Scripting in Django | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+37 more) | 2.2.27, 3.2.12, 4.0.2 |
| GHSA-jrh2-hc4r-7jwx Directory-traversal in Django | MODERATE | 2.2, 2.2.1, 2.2.10, 2.2.11 (+34 more) | 2.2.26, 3.2.11, 4.0.1 |
| PYSEC-2020-33 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+23 more) | 2.2.16, 3.0.10, 3.1.1 |
| PYSEC-2020-34 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+23 more) | 2.2.16, 3.0.10, 3.1.1 |
| PYSEC-2021-109 | UNKNOWN | 3.1, 3.1.1, 3.1.10, 3.1.11 (+14 more) | 3.1.13, 3.2.5 |
| PYSEC-2021-439 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+45 more) | 2.2.25, 3.1.14, 3.2.10 |
| PYSEC-2021-6 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+38 more) | 2.2.20, 3.0.14, 3.1.8 |
| PYSEC-2021-7 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+27 more) | 2.2.21, 3.1.9, 3.2.1 |
| PYSEC-2021-8 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+30 more) | 2.2.22, 3.1.10, 3.2.2 |
| PYSEC-2021-9 | UNKNOWN | 2.2, 2.2.1, 2.2.2, 2.2.3 (+32 more) | 2.2.18, 3.0.12, 3.1.6 |
| PYSEC-2021-98 | UNKNOWN | 1.0.1, 1.0.2, 1.0.3, 1.0.4 (+262 more) | 2.2.24, 3.1.12, 3.2.4 |
| PYSEC-2021-99 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+54 more) | 2.2.24, 3.1.12, 3.2.4 |
| PYSEC-2022-1 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+34 more) | 2.2.26, 3.2.11, 4.0.1 |
| PYSEC-2022-19 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+37 more) | 2.2.27, 3.2.12, 4.0.2 |
| PYSEC-2022-190 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+41 more) | 4.0.4, 3.2.13, 2.2.28 |
| PYSEC-2022-191 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+41 more) | 4.0.4, 3.2.13, 2.2.28 |
| PYSEC-2022-2 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+34 more) | 2.2.26, 3.2.11, 4.0.1 |
| PYSEC-2022-20 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+37 more) | 2.2.27, 3.2.12, 4.0.2 |
| PYSEC-2022-213 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+16 more) | 3.2.14, 4.0.6 |
| PYSEC-2022-245 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+18 more) | 3.2.15, 4.0.7 |
| PYSEC-2022-3 | UNKNOWN | 2.2, 2.2.1, 2.2.10, 2.2.11 (+34 more) | 2.2.26, 3.2.11, 4.0.1 |
| PYSEC-2022-304 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+22 more) | 3.2.16, 4.0.8 (+1 more; OSV also records the upstream fix commit 5b6b257fa7ec37ff27965358800c67e2dd11c924, which is not a PyPI release) |
| PYSEC-2023-100 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+43 more) | 4.2.3, 4.1.10, 3.2.20 |
| PYSEC-2023-12 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+28 more) | 3.2.17, 4.0.9, 4.1.6 |
| PYSEC-2023-13 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+31 more) | 3.2.18, 4.0.10, 4.1.7 |
| PYSEC-2023-61 | UNKNOWN | 3.2, 3.2.1, 3.2.10, 3.2.11 (+45 more) | 3.2.19, 4.1.9, 4.2.1 |
About This Data
Vulnerability data for django is sourced from the Open Source Vulnerability (OSV) database, which aggregates reports from the GitHub Advisory Database, NIST NVD, and ecosystem-specific sources such as the PyPI advisory database.
CVSS (Common Vulnerability Scoring System) scores reflect exploitability and impact; the Severity column above reflects each advisory's CVSS-based rating, and records that carry no score show UNKNOWN. EPSS (Exploit Prediction Scoring System) scores give the estimated probability that a vulnerability is exploited in the wild within the next 30 days. Vulnerabilities that appear in the CISA Known Exploited Vulnerabilities (KEV) catalog are flagged in the table.