django-commons/django-unicorn

django-commons/django-unicorn

www.django-unicorn.com

Releases120

Frequency2 weeks 3 days

Last Release 3 months ago

Stars2.65K

The magical reactive component framework for Django ✨

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-31815 ↗	Mar 10, 2026Tuesday, 10 March 2026, 22:16	5.3 MEDIUM	—
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
CVE-2021-42134 ↗	Oct 11, 2021Monday, 11 October 2021, 01:15	6.1 MEDIUM	4.3 MEDIUM
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
CVE-2021-42053 ↗	Oct 7, 2021Thursday, 7 October 2021, 06:15	5.4 MEDIUM	3.5 LOW
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.