extends-custom-expression
no-csrf-exempt
unvalidated-password
avoid-mark-safe
avoid-query-set-extra
People.objects.get(name='Bob')
avoid-raw-sql
People.objects.get(name='Bob')
custom-expression-as-sql
django-secure-set-cookie
avoid-insecure-deserialization
pickle, _pickle, cpickle, dill, shelve, or yaml, which are known to lead to remote code execution vulnerabilities.