Software Detail
Django
Number Of NVD: 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
Some releases are covered by long-term support, under which security releases and the like are guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
61 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
62 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
63 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
64 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
65 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
66 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
67 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
68 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
69 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
70 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
71 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
72 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
73 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
74 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
75 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
76 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
77 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
78 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
79 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
80 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
81 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
82 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
83 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
84 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
85 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
61 8.1
6.8
HIGH
Network
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validat… CWE-264
Permissions, Privileges, and Access Controls
CVE-2016-9014 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.9:*
cpe:2.3:a:djangoproject:django:1.9.8:…
2024-11-21 12:00
2016-12-10
62 9.8
7.5
CRITICAL
Network
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it eas… CWE-798
 Use of Hard-coded Credentials
CVE-2016-9013 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.9:*
cpe:2.3:a:djangoproject:django:1.9.8:…
2024-11-21 12:00
2016-12-10
63 7.5
5.0
HIGH
Network
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting … CWE-254
 7PK - Security Features
CVE-2016-7401 cpe:2.3:a:djangoproject:django:1.9.9:*
cpe:2.3:a:djangoproject:django:1.9.8:*
cpe:2.3:a:djangoproject:django:1.9.…
1.8.14 2024-11-21 11:57
2016-10-4
64 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an… CWE-79
Cross-site Scripting
CVE-2016-6186 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.7:*
cpe:2.3:a:djangoproject:django:1.9.6:…
1.8.13 2024-11-21 11:55
2016-08-6
65 3.1
2.6
LOW
Network
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. CWE-200
Information Exposure
CVE-2016-2513 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.2:*
cpe:2.3:a:djangoproject:django:1.9.1:…
2024-11-21 11:48
2016-04-9
66 7.4
4.3
HIGH
Network
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cr… CWE-79
Cross-site Scripting
CVE-2016-2512 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.2:*
cpe:2.3:a:djangoproject:django:1.9.1:…
2024-11-21 11:48
2016-04-9
67 5.5
6.0
MEDIUM
Network
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option … CWE-284
Improper Access Control
CVE-2016-2048 cpe:2.3:a:djangoproject:django:1.9:*
cpe:2.3:a:djangoproject:django:1.9.1:*
2024-11-21 11:47
2016-02-9
68 -
5.0
MEDIUM The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via … CWE-200
Information Exposure
CVE-2015-8213 cpe:2.3:a:djangoproject:django:1.9.0:rc1
cpe:2.3:a:djangoproject:django:1.8.6:*
cpe:2.3:a:djangoproject:django:1.…
1.7.10 2024-11-21 11:38
2015-12-8
69 -
5.0
MEDIUM The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty ses… CWE-399
 Resource Management Errors
CVE-2015-5964 cpe:2.3:a:djangoproject:django:1.8:beta1
cpe:2.3:a:djangoproject:django:1.8.3:*
cpe:2.3:a:djangoproject:django:1.…
2024-11-21 11:34
2015-08-24
70 -
5.0
MEDIUM contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service … CWE-399
 Resource Management Errors
CVE-2015-5963 cpe:2.3:a:djangoproject:django:1.8:beta1
cpe:2.3:a:djangoproject:django:1.8.3:*
cpe:2.3:a:djangoproject:django:1.…
2024-11-21 11:34
2015-08-24