Software Detail
Django: Number Of NVD 103 (CRITICAL 9, HIGH 30, MEDIUM 62, LOW 2)
URL: https://www.djangoproject.com/
Explanation: It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
Some releases are covered by long-term support, under which security releases are guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Open source
  • BSD License
  • Python

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
1 Django4.2 LTS 4.2.13 May 7, 2024 April 1, 2023 Dec. 31, 2023 April 30, 2026 1 5 0 0
2 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
3 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
4 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
5 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
6 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
7 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
8 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
9 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
10 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
11 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
12 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
13 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
14 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
15 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
16 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
17 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
18 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
19 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
20 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
21 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
22 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
23 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
24 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date

1 CVE-2024-24680
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with ve…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 5.0, 3.2, 4.2
less than: 5.0.2, 3.2.24, 4.2.10
Update date: 2024-04-20 12:15
Published date: 2024-02-7

2 CVE-2023-41164
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large …
CWE: CWE-1284 Improper Validation of Specified Quantity in Input
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 4.2, 4.1, 3.2
less than: 4.2.5, 4.1.11, 3.2.21
Update date: 2024-04-20 12:15
Published date: 2023-11-3

3 CVE-2023-43665
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of …
CWE: CWE-1284 Improper Validation of Specified Quantity in Input
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 4.2, 4.1, 3.2
less than: 4.2.6, 4.1.12, 3.2.22
Update date: 2024-05-2 02:15
Published date: 2023-11-3

4 CVE-2023-46695
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is s…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 4.2., 4.1, 3.2
less than: 4.2.7, 4.1.13, 3.2.23
Update date: 2023-12-14 19:15
Published date: 2023-11-2

5 CVE-2023-36053
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large num…
CWE: CWE-1333 Inefficient Regular Expression Complexity
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 4.2, 4.0, 3.2
less than: 4.2.3, 4.1.10, 3.2.20
Update date: 2024-04-20 12:15
Published date: 2023-07-3

6 CVE-2023-31047
CVSS3: 9.8 / CVSS2: - / Level: CRITICAL / Attack Vector: Network
Title: In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been suppo…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:djangoproject:django:4.2:rc1, cpe:2.3:a:djangoproject:django:4.2:b1, cpe:2.3:a:djangoproject:django:4.2:-…
or higher: 4.0, 3.2
less than: 4.1.9, 3.2.19
Update date: 2023-11-7 13:14
Published date: 2023-05-7

7 CVE-2023-24580
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart …
CWE: CWE-400 Uncontrolled Resource Consumption
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 3.2, 4.0, 4.1
less than: 3.2.18, 4.0.10, 4.1.7
Update date: 2023-11-7 13:08
Published date: 2023-02-15

8 CVE-2023-23969
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 3.2, 4.1, 4.0
less than: 3.2.17, 4.1.6, 4.0.9
Update date: 2023-11-7 13:08
Published date: 2023-02-2

9 CVE-2022-41323
CVSS3: 7.5 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regula…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 3.2, 4.1, 4.0
less than: 3.2.16, 4.1.2, 4.0.8
Update date: 2023-11-7 12:52
Published date: 2022-10-16

10 CVE-2022-36359
CVSS3: 8.8 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-D…
CWE: CWE-494 Download of Code Without Integrity Check
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 4.0, 3.2
less than: 4.0.7, 3.2.15
Update date: 2023-11-7 12:49
Published date: 2022-08-3