Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Django Number Of NVD 112 CRITICAL 10 HIGH 35 MEDIUM 64 LOW 3
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
There are releases that are covered by long-term support, such as security releases, which are guaranteed for three years.
Long-term support covers

A.2".

A.2" is the version with ".2".
Tag
  • Python
  • オープンソース
  • BSD License
Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
22 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
23 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
24 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
25 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
26 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
27 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
28 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
29 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
30 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
31 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
32 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
33 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
34 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
35 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
36 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
37 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
38 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
39 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
40 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
41 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
42 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
43 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
44 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
45 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 9.8
7.5 		CRITICAL
Network 		A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion… CWE-89
SQL Injection 		CVE-2022-28347 cpe:2.3:a:djangoproject:django:*:* 4.0
3.2
2.2



4.0.4
3.2.13
2.2.28 		2024-11-21 15:57
2022-04-12 		Show GitHub Exploit DB Packet Storm
22 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via … CWE-89
SQL Injection 		CVE-2022-28346 cpe:2.3:a:djangoproject:django:*:* 4.0
3.2
2.2



4.0.4
3.2.13
2.2.28 		2024-11-21 15:57
2022-04-12 		Show GitHub Exploit DB Packet Storm
23 7.5
5.0 		HIGH
Network 		An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsin… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2022-23833 cpe:2.3:a:djangoproject:django:*:* 3.2
4.0
2.2



3.2.12
4.0.2
2.2.27 		2024-11-21 15:49
2022-02-3 		Show GitHub Exploit DB Packet Storm
24 6.1
4.3 		MEDIUM
Network 		The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. CWE-79
Cross-site Scripting 		CVE-2022-22818 cpe:2.3:a:djangoproject:django:*:* 3.2
4.0
2.2



3.2.12
4.0.2
2.2.27 		2024-11-21 15:47
2022-02-3 		Show GitHub Exploit DB Packet Storm
25 5.3
5.0 		MEDIUM
Network 		Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. CWE-22
Path Traversal 		CVE-2021-45452 cpe:2.3:a:djangoproject:django:*:* 2.2
3.2
4.0



2.2.26
3.2.11
4.0.1 		2024-11-21 15:32
2022-01-5 		Show GitHub Exploit DB Packet Storm
26 7.5
5.0 		HIGH
Network 		An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … CWE-20
 Improper Input Validation  		CVE-2021-45116 cpe:2.3:a:djangoproject:django:*:* 2.2
3.2
4.0



2.2.26
3.2.11
4.0.1 		2024-11-21 15:31
2022-01-5 		Show GitHub Exploit DB Packet Storm
27 7.5
5.0 		HIGH
Network 		An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… NVD-CWE-Other
CVE-2021-45115 cpe:2.3:a:djangoproject:django:*:* 2.2
3.2
4.0



2.2.26
3.2.11
4.0.1 		2024-11-21 15:31
2022-01-5 		Show GitHub Exploit DB Packet Storm
28 7.3
7.5 		HIGH
Network 		In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. NVD-CWE-Other
CVE-2021-44420 cpe:2.3:a:djangoproject:django:*:* 2.2
3.1
3.2



2.2.25
3.1.14
3.2.10 		2024-11-21 15:30
2021-12-8 		Show GitHub Exploit DB Packet Storm
29 9.8
7.5 		CRITICAL
Network 		Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. CWE-89
SQL Injection 		CVE-2021-35042 cpe:2.3:a:djangoproject:django:*:* 3.2
3.1

3.2.5
3.1.13 		2024-11-21 15:11
2021-07-2 		Show GitHub Exploit DB Packet Storm
30 7.5
5.0 		HIGH
Network 		In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This m… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2021-33571 cpe:2.3:a:djangoproject:django:*:* 3.2
3.0
2.2



3.2.4
3.1.12
2.2.24 		2024-11-21 15:09
2021-06-9 		Show GitHub Exploit DB Packet Storm