Every CVE whose affected-product data names Django Project Django, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2007-0404 — CVSS 7.5 (high): bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function…
CVE-2007-5828 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary…
CVE-2007-0405 — CVSS 6.5 (medium): The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows…
CVE-2009-2659 — CVSS 5.0 (medium): The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media…
CVE-2008-2302 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before…
CVE-2007-5712 — CVSS 2.6 (low): The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the…