Software Detail
Django
Number Of NVD: 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL: https://www.djangoproject.com/
Explanation: It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patch releases, which are used for bug fixes and security fixes.

Feature releases come out at intervals of about eight months.
Some releases are covered by long-term support, under which support such as security releases is guaranteed for three years.
Long-term support covers the "A.2" releases, that is, the versions with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support / Extended for a fee | Critical | High | Medium | Low
41 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
42 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
43 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
44 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
45 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
46 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
47 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
48 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
49 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
50 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
51 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
52 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
53 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
54 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
55 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
56 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
57 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
58 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
59 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
60 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
61 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
62 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
63 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
64 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
65 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No | CVSS3 / CVSS2 / Level / Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
41 CVE-2020-9402
CVSS3: 8.8 | CVSS2: 6.5 | Level: HIGH | Attack Vector: Network
Title: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a sui…
CWE: CWE-89 SQL Injection
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 3.0, 2.2, 1.11
less than: 3.0.4, 2.2.11, 1.11.29
Update date: 2024-11-21 14:40
Published date: 2020-03-6

42 CVE-2020-7471
CVSS3: 9.8 | CVSS2: 7.5 | Level: CRITICAL | Attack Vector: Network
Title: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data …
CWE: CWE-89 SQL Injection
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 3.0, 2.2, 1.11
less than: 3.0.3, 2.2.10, 1.11.28
Update date: 2024-11-21 14:37
Published date: 2020-02-3

43 CVE-2019-19844
CVSS3: 9.8 | CVSS2: 5.0 | Level: CRITICAL | Attack Vector: Network
Title: Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of…
CWE: CWE-640 Weak Password Recovery Mechanism for Forgotten Password
cpe23Uri: cpe:2.3:a:djangoproject:django:3.0:*, cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2
less than: 2.2.9, 1.11.27
Update date: 2024-11-21 13:35
Published date: 2019-12-19

44 CVE-2019-19118
CVSS3: 6.5 | CVSS2: 4.0 | Level: MEDIUM | Attack Vector: Network
Title: Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed…
CWE: CWE-276 Incorrect Default Permissions
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.1, 2.2
less than: 2.1.15, 2.2.8
Update date: 2024-11-21 13:34
Published date: 2019-12-2

45 CVE-2019-14234
CVSS3: 9.8 | CVSS2: 7.5 | Level: CRITICAL | Attack Vector: Network
Title: An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.…
CWE: CWE-89 SQL Injection
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2, 2.1, 1.11
less than: 2.2.4, 2.1.11, 1.11.23
Update date: 2024-11-21 13:26
Published date: 2019-08-9

46 CVE-2019-14235
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage…
CWE: CWE-674 Uncontrolled Recursion
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2, 2.1, 1.11
less than: 2.2.4, 2.1.11, 1.11.23
Update date: 2024-11-21 13:26
Published date: 2019-08-3

47 CVE-2019-14233
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremel…
CWE: CWE-400 Uncontrolled Resource Consumption
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2, 2.1, 1.11
less than: 2.2.4, 2.1.11, 1.11.23
Update date: 2024-11-21 13:26
Published date: 2019-08-3

48 CVE-2019-14232
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, …
CWE: CWE-400 Uncontrolled Resource Consumption
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2, 2.1, 1.11
less than: 2.2.4, 2.1.11, 1.11.23
Update date: 2024-11-21 13:26
Published date: 2019-08-3

49 CVE-2019-12781
CVSS3: 5.3 | CVSS2: 5.0 | Level: MEDIUM | Attack Vector: Network
Title: An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set…
CWE: CWE-319 Cleartext Transmission of Sensitive Information
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 1.11, 2.1, 2.2
less than: 1.11.22, 2.1.10, 2.2.3
Update date: 2024-11-21 13:23
Published date: 2019-07-1

50 CVE-2019-12308
CVSS3: 6.1 | CVSS2: 4.3 | Level: MEDIUM | Attack Vector: Network
Title: An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without…
CWE: CWE-79 Cross-site Scripting
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
or higher: 2.2, 2.1, 1.11
less than: 2.2.2, 2.1.9, 1.11.21
Update date: 2024-11-21 13:22
Published date: 2019-06-4