Django

Security rules for Django web framework

Security Rules

Run All Django Rules

pathfinder scan --ruleset cpf/python/django

Rules

Django SQL Injection in cursor.execute()

SQL injection vulnerability: User input flows to cursor.execute() without parameterization within a function. Use parameterized queries with %s placeholders.

pythondjangosql-injectionormdatabaseowasp-a03cwe-89parameterizationcursorintra-proceduralcriticalsecurity

CWE-89

CVE-2022-34265

Updated 2026-01-17

Back to Python Categories All Languages →