Aggregates CVE and security vulnerability intelligence across all django-unicorn-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk file inclusion and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-31815 | Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0. | [email protected] | 5.3 | 0.07% | 2026-03-10 | 2026-03-18 |
| CVE-2021-42134 | The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | [email protected] | 6.1 | 0.23% | 2021-10-11 | 2024-11-21 |
| CVE-2021-42053 | The Unicorn framework through 0.35.3 for Django allows XSS via component.name. | [email protected] | 5.4 | 0.27% | 2021-10-07 | 2024-11-21 |