djangoproject
Latest CVEs
The 15 most recently published vulnerabilities affecting djangoproject.
- CVE-2026-44546: Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing (3.7)
- CVE-2026-44545: Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service (5.3)
- CVE-2026-48587: Potential exposure of private data via whitespace padding in Vary header (3.1)
- CVE-2026-35193: Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware (3.1)
- CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware (3.1)
- CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend (3.1)
- CVE-2026-6873: Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie (3.1)
- CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST (6.5)
- CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware (4.3)
- CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass (5.3)
- CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass (7.5)
- CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload (6.5)
- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable (2.7)
- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin (9.8)
- CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation (7.5)