Software Detail
Django
Number Of NVD: 120 (CRITICAL 10, HIGH 35, MEDIUM 70, LOW 5)
URL: https://www.djangoproject.com/
Explanation: It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
There are releases that are covered by long-term support, such as security releases, which are guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Open source
  • BSD License
  • Python

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
111 Django6.0 6.0.6 June 3, 2026 Dec. 3, 2025 Aug. 31, 2026 April 30, 2027 0 0 0 0
112 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
113 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
114 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
115 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
116 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
117 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
118 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
119 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
120 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
121 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
122 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
123 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
124 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
125 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
126 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
127 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
128 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
129 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
130 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
131 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
132 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
133 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
134 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
135 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
136 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
111 -
5.0
MEDIUM The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for … CWE-20
 Improper Input Validation 
CVE-2011-4138 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.2.6 2024-11-21 10:31
2011-10-19
112 -
5.0
MEDIUM The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which … CWE-399
 Resource Management Errors
CVE-2011-4137 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.2.6 2024-11-21 10:31
2011-10-19
113 -
5.8
MEDIUM django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which … CWE-20
 Improper Input Validation 
CVE-2011-4136 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.2.6 2024-11-21 10:31
2011-10-19
114 -
7.5
HIGH Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session … CWE-22
Path Traversal
CVE-2011-0698 cpe:2.3:a:djangoproject:django:1.2:*
cpe:2.3:a:djangoproject:django:1.2.4:*
cpe:2.3:a:djangoproject:django:1.2.3:…
2024-11-21 10:24
2011-02-15
115 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file … CWE-79
Cross-site Scripting
CVE-2011-0697 cpe:2.3:a:djangoproject:django:1.2:*
cpe:2.3:a:djangoproject:django:1.2.4:*
cpe:2.3:a:djangoproject:django:1.2.3:…
2024-11-21 10:24
2011-02-15
116 -
6.8
MEDIUM Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site req… CWE-352
 Origin Validation Error
CVE-2011-0696 cpe:2.3:a:djangoproject:django:1.2:*
cpe:2.3:a:djangoproject:django:1.2.4:*
cpe:2.3:a:djangoproject:django:1.2.3:…
2024-11-21 10:24
2011-02-15
117 -
5.0
MEDIUM The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestam… CWE-20
 Improper Input Validation 
CVE-2010-4535 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.1.2 2024-11-21 10:21
2011-01-11
118 -
4.0
MEDIUM The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain obje… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-4534 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.1.2 2024-11-21 10:21
2011-01-11
119 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. CWE-79
Cross-site Scripting
CVE-2010-3082 cpe:2.3:a:djangoproject:django:1.2.2:*
cpe:2.3:a:djangoproject:django:1.2.1:2
cpe:2.3:a:djangoproject:django:1.2.…
2024-11-21 10:17
2010-09-15
120 -
5.0
MEDIUM Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) Emai… NVD-CWE-Other
CVE-2009-3695 cpe:2.3:a:djangoproject:django:1.1:*
cpe:2.3:a:djangoproject:django:1.0:*
2026-04-23 09:35
2009-10-13