Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Django Number Of NVD 123 CRITICAL 10 HIGH 35 MEDIUM 73 LOW 5
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
There are releases that are covered by long-term support, such as security releases, which are guaranteed for three years.
Long-term support covers

A.2".

A.2" is the version with ".2".
Tag
  • Python
  • オープンソース
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
1 New!! Django6.0 6.0.7 July 7, 2026 Dec. 3, 2025 Aug. 31, 2026 April 30, 2027 1 2 10 3
2 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 1 6 11 3
3 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
4 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
5 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
6 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
7 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
8 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
9 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
10 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
11 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
12 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
13 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
14 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
15 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
16 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
17 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
18 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
19 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
20 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
21 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
22 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
23 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
24 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
25 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
26 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
1 6.1
-
MEDIUM
Network
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newl… CWE-144
 Improper Neutralization of Line Delimiters
CVE-2026-53878 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.16
6.0.7
2026-07-9 21:58
2026-07-8
Show GitHub Exploit DB Packet Storm
2 4.8
-
MEDIUM
Network
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `django.contrib.gis.gdal.GDALRaster` over-reads its in-memory buffer when constructed from a bytes object, which can disclose… CWE-805
 Buffer Access with Incorrect Length Value
CVE-2026-53877 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.16
6.0.7
2026-07-9 21:59
2026-07-8
Show GitHub Exploit DB Packet Storm
3 5.3
-
MEDIUM
Network
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carri… CWE-524
 Use of Cache Containing Sensitive Information
CVE-2026-48588 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.16
6.0.7
2026-07-9 22:01
2026-07-8
Show GitHub Exploit DB Packet Storm
4 5.3
-
MEDIUM
Network
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive… CWE-178
 Improper Handling of Case Sensitivity
CVE-2026-8404 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.15
6.0.6
2026-06-5 21:38
2026-06-3
Show GitHub Exploit DB Packet Storm
5 3.1
-
LOW
Network
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a … CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-7666 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.15
6.0.6
2026-06-5 21:46
2026-06-3
Show GitHub Exploit DB Packet Storm
6 4.3
-
MEDIUM
Network
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and… CWE-347
 Improper Verification of Cryptographic Signature
CVE-2026-6873 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.15
6.0.6
2026-06-5 21:58
2026-06-3
Show GitHub Exploit DB Packet Storm
7 5.3
-
MEDIUM
Network
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va… CWE-1023
 Incomplete Comparison with Missing Factors
CVE-2026-48587 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.15
6.0.6
2026-06-5 22:03
2026-06-3
Show GitHub Exploit DB Packet Storm
8 3.1
-
LOW
Network
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ… CWE-524
 Use of Cache Containing Sensitive Information
CVE-2026-35193 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.15
6.0.6
2026-06-5 22:03
2026-06-3
Show GitHub Exploit DB Packet Storm
9 5.3
-
MEDIUM
Network
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T… CWE-524
 Use of Cache Containing Sensitive Information
CVE-2026-6907 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.14
6.0.5
2026-05-7 23:16
2026-05-6
Show GitHub Exploit DB Packet Storm
10 5.3
-
MEDIUM
Network
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially … CWE-130
 Improper Handling of Length Parameter Inconsistency
CVE-2026-5766 cpe:2.3:a:djangoproject:django:*:* 5.2
6.0


5.2.14
6.0.5
2026-05-7 23:16
2026-05-6
Show GitHub Exploit DB Packet Storm