django-unicorn CVE Vulnerabilities & Metrics

Focus on django-unicorn vulnerabilities and metrics.

Last updated: 29 Mar 2026, 22:25 UTC

About django-unicorn Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with django-unicorn. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total django-unicorn CVEs: 3
Earliest CVE date: 07 Oct 2021, 06:15 UTC
Latest CVE date: 10 Mar 2026, 22:16 UTC

Latest CVE reference: CVE-2026-31815

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical django-unicorn CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.6

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS django-unicorn CVEs

These are the five CVEs with the highest CVSS scores for django-unicorn, sorted by severity first and recency.

CVE-2021-42134 django-unicorn Published on 11 Oct 2021, 01:15 UTC (CVSS: 4.3)
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
CVE-2021-42053 django-unicorn Published on 07 Oct 2021, 06:15 UTC (CVSS: 3.5)
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
CVE-2026-31815 django-unicorn Published on 10 Mar 2026, 22:16 UTC (CVSS: 0)
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is f...

All CVEs for django-unicorn

CVE-2026-31815 django-unicorn vulnerability CVSS: 0 10 Mar 2026, 22:16 UTC

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.

CVE-2021-42134 django-unicorn vulnerability CVSS: 4.3 11 Oct 2021, 01:15 UTC

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

CVE-2021-42053 django-unicorn vulnerability CVSS: 3.5 07 Oct 2021, 06:15 UTC

The Unicorn framework through 0.35.3 for Django allows XSS via component.name.