Django

This hub aggregates every CVE we track for Django, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Django.

• CVE-2026-48587Potential exposure of private data via whitespace padding in Vary header3.1Jun 3, 2026
• CVE-2026-35193Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware3.1Jun 3, 2026
• CVE-2026-8404Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware3.1Jun 3, 2026
• CVE-2026-7666Potential unencrypted email transmission via STARTTLS in the SMTP backend3.1Jun 3, 2026
• CVE-2026-6873Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie3.1Jun 3, 2026
• CVE-2026-35192Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST6.5May 5, 2026
• CVE-2026-6907Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware4.3May 5, 2026
• CVE-2026-5766Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass5.3May 5, 2026
• CVE-2026-33034Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass7.5Apr 7, 2026
• CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload6.5Apr 7, 2026
• CVE-2026-4292Privilege abuse in ModelAdmin.list_editable2.7Apr 7, 2026
• CVE-2026-4277Privilege abuse in GenericInlineModelAdmin9.8Apr 7, 2026
• CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation7.5Apr 7, 2026
• CVE-2026-25674Potential incorrect permissions on newly created file system objects3.7Mar 3, 2026
• CVE-2026-25673Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows7.5Mar 3, 2026