Software Detail
Django
Number Of NVD: 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
There are releases that are covered by long-term support, such as security releases, which are guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support (Service Pack Support) Extended (for a fee) Critical High Medium Low
91 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
92 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
93 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
94 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
95 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
96 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
97 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
98 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
99 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
100 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
101 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
102 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
103 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
104 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
105 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
106 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
107 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
108 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
109 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
110 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
111 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
112 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
113 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
114 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
115 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No CVSS3 CVSS2 Level (Attack Vector) Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
91 -
4.3
MEDIUM The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce … CWE-79
Cross-site Scripting
CVE-2013-6044 cpe:2.3:a:djangoproject:django:1.6:beta1
cpe:2.3:a:djangoproject:django:1.5:*
cpe:2.3:a:djangoproject:django:1.5.…
2024-11-21 10:58
2013-10-5
92 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbit… CWE-79
Cross-site Scripting
CVE-2013-4249 cpe:2.3:a:djangoproject:django:1.6:beta1
cpe:2.3:a:djangoproject:django:1.5:beta
cpe:2.3:a:djangoproject:django:1…
2024-11-21 10:55
2013-10-5
93 -
5.0
MEDIUM The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption)… CWE-287
Improper Authentication
CVE-2013-1443 cpe:2.3:a:djangoproject:django:1.6:beta3
cpe:2.3:a:djangoproject:django:1.6:beta2
cpe:2.3:a:djangoproject:django:…
2024-11-21 10:49
2013-09-24
94 -
5.0
MEDIUM Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_… CWE-22
Path Traversal
CVE-2013-4315 cpe:2.3:a:djangoproject:django:1.6:beta2
cpe:2.3:a:djangoproject:django:1.6:beta1
cpe:2.3:a:djangoproject:django:…
2024-11-21 10:55
2013-09-17
95 -
5.0
MEDIUM The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of ser… CWE-189
Numeric Errors
CVE-2013-0306 cpe:2.3:a:djangoproject:django:1.5:beta
cpe:2.3:a:djangoproject:django:1.5:alpha
cpe:2.3:a:djangoproject:django:1…
2024-11-21 10:47
2013-05-2
96 -
4.0
MEDIUM The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated a… CWE-200
Information Exposure
CVE-2013-0305 cpe:2.3:a:djangoproject:django:1.5:beta
cpe:2.3:a:djangoproject:django:1.5:alpha
cpe:2.3:a:djangoproject:django:1…
2024-11-21 10:47
2013-05-2
97 -
6.4
MEDIUM The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host… CWE-20
 Improper Input Validation 
CVE-2012-4520 cpe:2.3:a:djangoproject:django:1.4:*
cpe:2.3:a:djangoproject:django:1.4.1:*
cpe:2.3:a:djangoproject:django:1.3:be…
2024-11-21 10:43
2012-11-19
98 -
5.0
MEDIUM The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2012-3444 cpe:2.3:a:djangoproject:django:1.4:*
cpe:2.3:a:djangoproject:django:1.3:beta1
cpe:2.3:a:djangoproject:django:1.3:…
1.3 2024-11-21 10:40
2012-08-1
99 -
5.0
MEDIUM The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a… CWE-20
 Improper Input Validation 
CVE-2012-3443 cpe:2.3:a:djangoproject:django:1.4:*
cpe:2.3:a:djangoproject:django:1.3:beta1
cpe:2.3:a:djangoproject:django:1.3:…
1.3 2024-11-21 10:40
2012-08-1
100 -
4.3
MEDIUM The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which… CWE-79
Cross-site Scripting
CVE-2012-3442 cpe:2.3:a:djangoproject:django:1.4:*
cpe:2.3:a:djangoproject:django:1.3:beta1
cpe:2.3:a:djangoproject:django:1.3:…
1.3 2024-11-21 10:40
2012-08-1