Information on source package python-django

Available versions

ReleaseVersion
buster1:1.11.29-1~deb10u1
buster (security)1:1.11.29-1+deb10u11
bullseye2:2.2.28-1~deb11u2
bookworm3:3.2.19-1+deb12u1
trixie3:4.2.11-1
sid3:4.2.11-1

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2024-27351vulnerable (no DSA)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedIn Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, ...
CVE-2024-24680vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedAn issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10 ...
CVE-2023-43665vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedIn Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ...
CVE-2023-41164fixedvulnerable (no DSA, postponed)vulnerable (no DSA, postponed)fixedfixedIn Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2021-32052vulnerablefixedfixedfixedfixedIn Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...

Resolved issues

BugDescription
TEMP-0407607-240F77python-django flup/FastCGI/debugging issue
CVE-2023-46695An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...
CVE-2023-36053In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...
CVE-2023-31047In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...
CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 ...
CVE-2023-23969In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...
CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...
CVE-2022-36359An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...
CVE-2022-34265An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...
CVE-2022-28347A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...
CVE-2022-28346An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...
CVE-2022-23833An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...
CVE-2022-22818The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...
CVE-2021-45452Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...
CVE-2021-45116An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
CVE-2021-45115An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...
CVE-2021-44420In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...
CVE-2021-35042Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...
CVE-2021-33571In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...
CVE-2021-33203Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...
CVE-2021-31542In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...
CVE-2021-28658In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...
CVE-2021-23336The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...
CVE-2021-3281In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...
CVE-2020-24584An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
CVE-2020-24583An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
CVE-2020-13596An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...
CVE-2020-13254An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...
CVE-2020-9402Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...
CVE-2020-7471Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...
CVE-2019-19844Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...
CVE-2019-19118Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...
CVE-2019-14235An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-14234An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-14233An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-14232An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...
CVE-2019-12781An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...
CVE-2019-12308An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...
CVE-2019-6975Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2. ...
CVE-2019-3498In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ...
CVE-2018-16984An issue was discovered in Django 2.1 before 2.1.2, in which unprivile ...
CVE-2018-14574django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11 ...
CVE-2018-7537An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...
CVE-2018-7536An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...
CVE-2018-6188django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0. ...
CVE-2017-12794In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...
CVE-2017-7234A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...
CVE-2017-7233Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 re ...
CVE-2016-9014Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ...
CVE-2016-9013Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...
CVE-2016-7401The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.1 ...
CVE-2016-6186Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedOb ...
CVE-2016-2513The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...
CVE-2016-2512The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...
CVE-2016-2048Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, all ...
CVE-2015-8213The get_format function in utils/formats.py in Django before 1.7.x bef ...
CVE-2015-5964The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache ...
CVE-2015-5963contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ...
CVE-2015-5145validators.URLValidator in Django 1.8.x before 1.8.3 allows remote att ...
CVE-2015-5144Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8 ...
CVE-2015-5143The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7 ...
CVE-2015-3982The session.flush function in the cached_db backend in Django 1.8.x be ...
CVE-2015-2317The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1. ...
CVE-2015-2316The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7. ...
CVE-2015-2241Cross-site scripting (XSS) vulnerability in the contents function in a ...
CVE-2015-0222ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x befor ...
CVE-2015-0221The django.views.static.serve view in Django before 1.4.18, 1.6.x befo ...
CVE-2015-0220The django.util.http.is_safe_url function in Django before 1.4.18, 1.6 ...
CVE-2015-0219Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allo ...
CVE-2014-3730The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...
CVE-2014-1418Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...
CVE-2014-0483The administrative interface (contrib.admin) in Django before 1.4.14, ...
CVE-2014-0482The contrib.auth.middleware.RemoteUserMiddleware middleware in Django ...
CVE-2014-0481The default configuration for the file upload handling system in Djang ...
CVE-2014-0480The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ...
CVE-2014-0474The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFie ...
CVE-2014-0473The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6 ...
CVE-2014-0472The django.core.urlresolvers.reverse function in Django before 1.4.11, ...
CVE-2013-6044The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6 ...
CVE-2013-4315Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...
CVE-2013-4249Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget wi ...
CVE-2013-1665The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...
CVE-2013-1443The authentication framework (django.contrib.auth) in Django 1.4.x bef ...
CVE-2013-0306The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...
CVE-2013-0305The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ...
CVE-2012-4520The django.http.HttpRequest.get_host function in Django 1.3.x before 1 ...
CVE-2012-3444The get_image_dimensions function in the image-handling functionality ...
CVE-2012-3443The django.forms.ImageField class in the form system in Django before ...
CVE-2012-3442The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...
CVE-2011-4140The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...
CVE-2011-4139Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ...
CVE-2011-4138The verify_exists functionality in the URLField implementation in Djan ...
CVE-2011-4137The verify_exists functionality in the URLField implementation in Djan ...
CVE-2011-4136django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...
CVE-2011-0698Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ...
CVE-2011-0697Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...
CVE-2011-0696Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ...
CVE-2010-4535The password reset functionality in django.contrib.auth in Django befo ...
CVE-2010-4534The administrative interface in django.contrib.admin in Django before ...
CVE-2010-3082Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...
CVE-2009-3695Algorithmic complexity vulnerability in the forms library in Django 1. ...
CVE-2009-2659The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...
CVE-2008-3909The administration application in Django 0.91, 0.95, and 0.96 stores u ...
CVE-2008-2302Cross-site scripting (XSS) vulnerability in the login form in the admi ...
CVE-2007-5828Cross-site request forgery (CSRF) vulnerability in the admin panel in ...
CVE-2007-5712The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1 ...
CVE-2007-0405The LazyUser class in the AuthenticationMiddleware for Django 0.95 doe ...
CVE-2007-0404bin/compile-messages.py in Django 0.95 does not quote argument strings ...

Security announcements

DSA / DLADescription
DLA-3744-1python-django - security update
DLA-3558-1python-django - security update
DSA-5465-1python-django - security update
DLA-3500-1python-django - security update
DLA-3415-1python-django - security update
DLA-3329-1python-django - security update
DLA-3306-1python-django - security update
DLA-3191-1python-django - security update
DLA-3177-1python-django - security update
DLA-3164-1python-django - security update
DSA-5254-1python-django - security update
DLA-3024-1python-django - security update
DLA-2982-1python-django - security update
DLA-2906-1python-django - security update
DLA-2676-1python-django - security update
DLA-2651-1python-django - security update
DLA-2622-1python-django - security update
DLA-2569-1python-django - security update
DLA-2540-1python-django - security update
DSA-4705-1python-django - security update
DLA-2233-2python-django - regression update
DLA-2233-1python-django - security update
DSA-4629-1python-django - security update
DSA-4598-1python-django - security update
DLA-2042-1python-django - security update
DSA-4498-1python-django - security update
DLA-1872-1python-django - security update
DSA-4476-1python-django - security update
DLA-1842-1python-django - security update
DLA-1814-1python-django - security update
DSA-4363-1python-django - security update
DLA-1629-1python-django - security update
DSA-4264-1python-django - security update
DSA-4161-1python-django - security update
DLA-1303-1python-django - security update
DSA-3835-1python-django - security update
DLA-885-1python-django - security update
DLA-706-1python-django - security update
DLA-649-1python-django - security update
DSA-3678-1python-django - security update
DLA-590-1python-django - security update
DLA-555-1python-django - security update
DSA-3622-1python-django - security update
DSA-3544-1python-django - security update
DSA-3404-1python-django - security update
DLA-349-1python-django - security update
DLA-301-1python-django - security update
DSA-3338-1python-django - security update
DLA-272-1python-django - security update
DSA-3305-1python-django - security update
DSA-3204-1python-django - security update
DSA-3151-1python-django - security update
DLA-143-1python-django - security update
DLA-65-1python-django - security update
DSA-3010-1python-django - security update
DSA-2934-1python-django - security update
DSA-2758-1python-django - denial of service
DSA-2755-1python-django - directory traversal
DSA-2740-2python-django - regression
DSA-2740-1python-django - cross-site scripting vulnerability
DSA-2634-1python-django - several vulnerabilities
DSA-2529-1python-django - several
DSA-2332-1python-django - several issues
DSA-2163-1python-django - multiple
DSA-1905-1python-django - denial of service
DSA-1640-1python-django - cross site request forgery

Search for package or bug name: Reporting problems