Exposure of Django

Category: Web frameworks
Exposure score: 60
Sites using it: 26,488
Exploited CVEs: 0
Critical CVEs: 2
CVEs: 33 results (20 listed here), sorted by EPSS. Descriptions ending in "…" are cut off in the source listing.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2025-64459 | CRITICAL | Potential SQL injection via _connector keyword argument in QuerySet and Q objects | 18.8% |
| CVE-2025-57833 | HIGH | An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection i… | 15.6% |
| CVE-2025-32873 | MEDIUM | An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is… | 14.0% |
| CVE-2026-1207 | MEDIUM | Potential SQL injection via raster lookups on PostGIS | 3.8% |
| CVE-2025-64460 | HIGH | Potential denial-of-service vulnerability in XML serializer text extraction | 2.1% |
| CVE-2025-64458 | HIGH | Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows | 1.9% |
| CVE-2024-56374 | MEDIUM | An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strin… | 1.9% |
| CVE-2026-1285 | HIGH | Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods | 1.0% |
| CVE-2025-14550 | HIGH | Potential denial-of-service vulnerability via repeated headers when using ASGI | 1.0% |
| CVE-2025-27556 | MEDIUM | An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, djang… | 0.9% |
| CVE-2025-13372 | MEDIUM | Potential SQL injection in FilteredRelation column aliases on PostgreSQL | 0.9% |
| CVE-2025-59682 | LOW | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, u… | 0.9% |
| CVE-2026-33034 | HIGH | Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass | 0.8% |
| CVE-2025-26699 | MEDIUM | An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwr… | 0.7% |
| CVE-2025-13473 | MEDIUM | Username enumeration through timing difference in mod_wsgi authentication handler | 0.7% |
| CVE-2026-33033 | MEDIUM | Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload | 0.7% |
| CVE-2026-25673 | HIGH | Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows | 0.7% |
| CVE-2025-48432 | MEDIUM | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape… | 0.6% |
| CVE-2025-59681 | HIGH | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySe… | 0.6% |
| CVE-2026-35192 | LOW | Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST | 0.5% |