OSV - Open Source Vulnerabilities

GHSA-mmwr-2jhp-mc7j

PyPI/django

Django vulnerable to privilege abuse in ModelAdmin.list_editable

07 Apr

Fix available
Severity - 2.7 (Low)

GHSA-mvfq-ggxm-9mc5

PyPI/django

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

07 Apr

Fix available
Severity - 7.5 (High)

GHSA-pwjp-ccjc-ghwg

PyPI/django

Django vulnerable to privilege abuse in GenericInlineModelAdmin

07 Apr

Fix available
Severity - 2.3 (Low)

GHSA-5mf9-h53q-7mhq

PyPI/django

Django has potential DoS via MultiPartParser through crafted multipart uploads

07 Apr

Fix available
Severity - 6.5 (Medium)

GHSA-933h-hp56-hf7m

PyPI/django

Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit

07 Apr

Fix available
Severity - 7.5 (High)

GHSA-ffv6-jj46-x367

PyPI/django-unicorn

django-unicorn affected by component state manipulation via unvalidated attribute access

11 Mar

Fix available
Severity - 5.3 (Medium)

GHSA-2jpr-83rg-v67j

PyPI/django-allauth

django-allauth has an open redirect vulnerability

05 Mar

Fix available
Severity - 5.1 (Medium)

GHSA-8p8v-wh79-9r56

PyPI/django

Django vulnerable to Uncontrolled Resource Consumption

03 Mar

Fix available
Severity - 7.5 (High)

GHSA-mjgh-79qc-68w3

PyPI/django

Django has a Race Condition vulnerability

03 Mar

Fix available
Severity - 3.7 (Low)

GHSA-6426-9fv3-65x8

PyPI/django

Django has an SQL Injection issue

03 Feb

Fix available
Severity - 5.4 (Medium)

GHSA-gvg8-93h5-g6qq

PyPI/django

Django has an SQL Injection issue

03 Feb

Fix available
Severity - 8.1 (High)

GHSA-2mcm-79hx-8fxw

PyPI/django

Django has Observable Timing Discrepancy

03 Feb

Fix available
Severity - 2.7 (Low)

GHSA-33mw-q7rj-mjwj

PyPI/django

Django has Inefficient Algorithmic Complexity

03 Feb

Fix available
Severity - 2.7 (Low)

GHSA-4rrr-2h4v-f3j9

PyPI/django

Django has Inefficient Algorithmic Complexity

03 Feb

Fix available
Severity - 2.7 (Low)

GHSA-mwm9-4648-f68q

PyPI/django

Django has an SQL Injection issue

03 Feb

Fix available
Severity - 8.1 (High)

GHSA-8m3c-c723-h4p4

PyPI/django-allauth

django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions

15 Dec 2025

Fix available
Severity - 5.4 (Medium)