Software Detail
Django: Number Of NVD 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patch releases, which carry bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
Some releases are covered by long-term support, under which security releases are guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
51 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
52 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
53 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
54 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
55 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
56 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
57 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
58 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
59 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
60 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
61 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
62 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
63 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
64 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
65 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
66 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
67 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
68 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
69 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
70 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
71 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
72 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
73 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
74 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
75 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
No 51: CVE-2019-6975
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() func…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 1.11.0 or higher, less than 1.11.19; 2.0.0 or higher, less than 2.0.11; 2.1.0 or higher, less than 2.1.6
Update date: 2024-11-21 13:47
Published date: 2019-02-11

No 52: CVE-2019-3498
CVSS3: 6.5, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defa…
CWE: CWE-74 Injection
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 1.11 or higher, less than 1.11.18; 2.0 or higher, less than 2.0.10; 2.1 or higher, less than 2.1.5
Update date: 2024-11-21 13:42
Published date: 2019-01-10

No 53: CVE-2018-16984
CVSS3: 4.9, CVSS2: 4.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display a…
CWE: CWE-522 Insufficiently Protected Credentials
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 2.1 or higher, less than 2.1.2
Update date: 2024-11-21 12:53
Published date: 2018-10-3

No 54: CVE-2018-14574
CVSS3: 6.1, CVSS2: 5.8, Level: MEDIUM, Attack Vector: Network
Title: django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CWE: CWE-601 Open Redirect
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 2.0 or higher, less than 2.0.8; 1.11 or higher, less than 1.11.15
Update date: 2024-11-21 12:49
Published date: 2018-08-4

No 55: CVE-2018-7537
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w…
CWE: CWE-185 Incorrect Regular Expression
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 1.8 or higher, less than 1.8.19; 1.11 or higher, less than 1.11.11; 2.0 or higher, less than 2.0.3
Update date: 2024-11-21 13:12
Published date: 2018-03-10

No 56: CVE-2018-7536
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph…
CWE: CWE-185 Incorrect Regular Expression
cpe23Uri: cpe:2.3:a:djangoproject:django:*:*
Affected: 1.8 or higher, less than 1.8.19; 1.11 or higher, less than 1.11.11; 2.0 or higher, less than 2.0.3
Update date: 2024-11-21 13:12
Published date: 2018-03-10

No 57: CVE-2018-6188
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from th…
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:a:djangoproject:django:2.0:*
          cpe:2.3:a:djangoproject:django:2.0.1:*
          cpe:2.3:a:djangoproject:django:1.11.9…
Update date: 2024-11-21 13:10
Published date: 2018-02-5

No 58: CVE-2017-12794
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cr…
CWE: CWE-79 Cross-site Scripting
cpe23Uri: cpe:2.3:a:djangoproject:django:1.11.4:*
          cpe:2.3:a:djangoproject:django:1.11.3:*
          cpe:2.3:a:djangoproject:django:1.…
Update date: 2024-11-21 12:10
Published date: 2017-09-7

No 59: CVE-2017-7234
CVSS3: 6.1, CVSS2: 5.8, Level: MEDIUM, Attack Vector: Network
Title: A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an ope…
CWE: CWE-601 Open Redirect
cpe23Uri: cpe:2.3:a:djangoproject:django:1.9:rc2
          cpe:2.3:a:djangoproject:django:1.9:rc1
          cpe:2.3:a:djangoproject:django:1.9:…
Update date: 2024-11-21 12:31
Published date: 2017-04-5

No 60: CVE-2017-7233
CVSS3: 6.1, CVSS2: 5.8, Level: MEDIUM, Attack Vector: Network
Title: Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``dj…
CWE: CWE-601 Open Redirect
cpe23Uri: cpe:2.3:a:djangoproject:django:1.9:rc2
          cpe:2.3:a:djangoproject:django:1.9:rc1
          cpe:2.3:a:djangoproject:django:1.9:…
Update date: 2024-11-21 12:31
Published date: 2017-04-5