Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Django Number Of NVD 123 CRITICAL 10 HIGH 35 MEDIUM 73 LOW 5
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
There are releases that are covered by long-term support, such as security releases, which are guaranteed for three years.
Long-term support covers

A.2".

A.2" is the version with ".2".
Tag
  • Python
  • オープンソース
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
121 New!! Django6.0 6.0.7 July 7, 2026 Dec. 3, 2025 Aug. 31, 2026 April 30, 2027 1 2 10 3
122 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 1 6 11 3
123 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
124 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
125 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
126 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
127 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
128 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
129 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
130 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
131 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
132 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
133 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
134 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
135 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
136 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
137 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
138 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
139 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
140 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
141 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
142 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
143 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
144 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
145 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
146 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
121 -
4.0
MEDIUM The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain obje… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-4534 cpe:2.3:a:djangoproject:django:1.3:alpha2
cpe:2.3:a:djangoproject:django:1.3:alpha1
cpe:2.3:a:djangoproject:djang…
1.1.2 2024-11-21 10:21
2011-01-11
Show GitHub Exploit DB Packet Storm
122 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. CWE-79
Cross-site Scripting
CVE-2010-3082 cpe:2.3:a:djangoproject:django:1.2.2:*
cpe:2.3:a:djangoproject:django:1.2.1:2
cpe:2.3:a:djangoproject:django:1.2.…
2024-11-21 10:17
2010-09-15
Show GitHub Exploit DB Packet Storm
123 -
5.0
MEDIUM Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) Emai… NVD-CWE-Other
CVE-2009-3695 cpe:2.3:a:djangoproject:django:1.1:*
cpe:2.3:a:djangoproject:django:1.0:*
2026-04-23 09:35
2009-10-13
Show GitHub Exploit DB Packet Storm