Search CVE reports


Toggle filters

1 – 10 of 172 results


CVE-2026-53878

Medium priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-53877

Medium priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory or cause...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48588

Medium priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-8404

Low priority
Needs evaluation

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-7666

Low priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-6873

Low priority
Needs evaluation

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and salt argument), which allows a...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48587

Low priority
Needs evaluation

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35193

Low priority
Needs evaluation

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-6907

Low priority

Some fixes available 4 of 8

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2026-5766

Low priority

Some fixes available 4 of 8

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages