Django Bug Bounty Program Statistics | BugBountyHunter.com

You are viewing our old website

We are busy working on a brand new website and platform. All of the content on this website is considered out-dated, however challenges and our members section are working as before. Stay tuned for updates!

Django Program Statistics

10 total issues disclosed

$1,000 total paid publicly

Most disclosed (4 disclosures) — SQL Injection

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion	None supplied	sy2n0	No rating	2026-02-09
User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery	None supplied	stackered	No rating	2026-02-04
Potential SQL Injection when annotating FilteredRelation on PostgreSQL	SQL Injection	stackered	High	2025-12-02
Path traversal via archive.extract - CVE 2021-3281 incomplete patch	Path Traversal	stackered	Low	2025-11-21
SQL Injection in Django ORM via Unvalidated `_connector` in Q Objects	SQL Injection	cyberstan	Critical	2025-11-06
SQL Injection when using FilteredRelation	SQL Injection	eyalsec	Critical	2025-09-15
SQL injection in JSONField KeyTransform	SQL Injection	eyalsec	High	2025-09-12
Deserialization of potentially malicious data to RCE	Deserialization of Untrusted Data	scaramouche31	High	2022-01-14
Email Spoofing Possible on djangoproject.com Email Domain	Business Logic Errors	greenwolf	Medium	2018-10-05
CSRF protection bypass on any Django powered site via Google Analytics	None supplied	bobrov	No rating	2016-09-26