By vendor
Djangoproject vulnerabilities
Known CVEs affecting Djangoproject products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-35193LOW 3.1
Django's cache middleware has a flaw that can leak private user data. When Django caches web responses, it's supposed to mark cached data as private (via the `Vary` header) if a request included authentication credentials. In Django 5.2 before version 5.2.15 and 6.0 before version 6.0.6, this protection doesn't work correctly. An attacker can make an unauthenticated request to the same URL a logged-in user visited, and Django may serve the cached private response—revealing sensitive information that should have been protected. Older Django versions (5.0.x, 4.1.x, 3.2.x) haven't been formally evaluated but may have the same problem.