Djangoproject Vulnerabilities

Comprehensive security vulnerability database for Djangoproject products

Last updated: Mar 3, 2026
Total CVEs: 2
Critical: 0
With Exploits: 1
Last 30 Days: 0

Severity Distribution

Critical: 0 (0%)
High: 1 (50%)
Medium: 0 (0%)
Low: 1 (50%)
CVE-2026-25674 (CVSS 3.7)

This vulnerability allows an attacker to create files with incorrect permissions in Django applications, potentially exposing sensitive data or allowing unauthorized access. It occurs when multiple requests are processed at the same time, and a temporary change in file permissions by one request affects others, but it only affects specific versions of Django before certain updates.

Vendor / Product: djangoproject / django
Exploit Status: Theoretical
about 1 month ago, Mar 3, 2026

CVE-2026-25673 (CVSS 7.5)

This vulnerability allows an attacker to crash a Django application by sending it overly long URLs that contain specific Unicode characters, leading to a denial of service. It affects certain versions of Django before specific updates, and the problem arises from how the framework processes these URLs on Windows systems.

Vendor / Product: djangoproject / django
Exploit Status: Exploit Available
about 1 month ago, Mar 3, 2026

About Djangoproject Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Djangoproject products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.