Skip to content

fix(deps): vuln django (major → 6.0.4) [pkg/dependency/parser/python/pip/testdata]#34

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/major/pip/testdata/1-1776941447
Draft

fix(deps): vuln django (major → 6.0.4) [pkg/dependency/parser/python/pip/testdata]#34
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/major/pip/testdata/1-1776941447

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Apr 23, 2026

Summary: Critical-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • pkg/dependency/parser/python/pip/testdata (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
django 4.0.1 6.0.4 major Direct 14 CRITICAL, 22 HIGH, 8 MODERATE

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (36 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
django PYSEC-2022-213 critical - 4.0.1 3.2.14
django CVE-2025-64459 CRITICAL - 4.0.1 -
django GHSA-frmv-pr5f-9mcr CRITICAL Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. 4.0.1 5.2.8
django GHSA-w24h-v9qh-8gxj CRITICAL SQL Injection in Django 4.0.1 2.2.28
django CVE-2022-28347 critical - 4.0.1 -
django PYSEC-2022-191 critical - 4.0.1 4.0.4
django GHSA-2gwj-7jmv-h26r CRITICAL SQL Injection in Django 4.0.1 2.2.28
django CVE-2022-28346 critical - 4.0.1 -
django PYSEC-2023-61 critical - 4.0.1 3.2.19
django CVE-2023-31047 critical - 4.0.1 -
django GHSA-r3xc-prgr-mg9p CRITICAL Django bypasses validation when using one form field to upload multiple files 4.0.1 3.2.19
django PYSEC-2022-190 critical - 4.0.1 4.0.4
django GHSA-p64x-8rxx-wf6q CRITICAL Django Trunc() and Extract() database functions vulnerable to SQL Injection 4.0.1 3.2.14
django CVE-2022-34265 critical - 4.0.1 -
django PYSEC-2022-304 high - 4.0.1 5b6b257fa7ec37ff27965358800c67e2dd11c924
django CVE-2023-24580 high - 4.0.1 -
django CVE-2025-57833 HIGH - 4.0.1 -
django GHSA-6cw3-g6wv-c2xv HIGH Infinite Loop in Django 4.0.1 2.2.27
django CVE-2025-64458 HIGH - 4.0.1 -
django GHSA-qw25-v68c-qjf3 HIGH Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows 4.0.1 5.2.8
django CVE-2022-41323 high - 4.0.1 -
django GHSA-qrw5-5h28-6cmg HIGH Django denial-of-service vulnerability in internationalized URLs 4.0.1 3.2.16
django PYSEC-2023-12 high - 4.0.1 3.2.17
django CVE-2023-23969 high - 4.0.1 -
django GHSA-q2jf-h9jm-m7p4 HIGH Django contains Uncontrolled Resource Consumption via cached header 4.0.1 3.2.17
django GHSA-8x94-hmjh-97hq HIGH Django vulnerable to Reflected File Download attack 4.0.1 3.2.15
django PYSEC-2022-245 HIGH - 4.0.1 3.2.15
django CVE-2022-36359 HIGH - 4.0.1 -
django PYSEC-2023-13 high - 4.0.1 3.2.18
django CVE-2022-23833 HIGH - 4.0.1 -
django GHSA-2hrw-hx67-34x6 HIGH Resource exhaustion in Django 4.0.1 3.2.18
django GHSA-6w2r-r2m5-xq5w HIGH Django is subject to SQL injection through its column aliases 4.0.1 4.2.24
django PYSEC-2023-100 HIGH - 4.0.1 4.2.3
django CVE-2023-36053 HIGH - 4.0.1 -
django PYSEC-2022-20 HIGH - 4.0.1 2.2.27
django GHSA-jh3w-4vvf-mjgr HIGH Django has regular expression denial of service vulnerability in EmailValidator/URLValidator 4.0.1 3.2.20
ℹ️ Other Vulnerabilities (8)
Package CVE Severity Summary Unsafe Version Fixed In
django PYSEC-2025-47 MODERATE - 4.0.1 5.2.2
django CVE-2025-48432 MODERATE - 4.0.1 -
django GHSA-7xr5-9hcq-chf9 MODERATE Django Improper Output Neutralization for Logs vulnerability 4.0.1 5.2.2
django CVE-2024-45231 MODERATE - 4.0.1 -
django GHSA-rrqc-c2jx-6jgv MODERATE Django allows enumeration of user e-mail addresses 4.0.1 5.1.1
django PYSEC-2022-19 MODERATE - 4.0.1 2.2.27
django CVE-2022-22818 MODERATE - 4.0.1 -
django GHSA-95rw-fx8r-36v6 MODERATE Cross-site Scripting in Django 4.0.1 2.2.27
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
django 4.0.1 Apr 1, 2023 6.0.4 pkg/dependency/parser/python/pip/testdata/requirements_compatible.txt

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants