Software Detail
Django: Number of NVD 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL https://www.djangoproject.com/
Explanation It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patch releases, which carry bug fixes and security fixes.

Feature releases are published at intervals of about eight months.
Some releases are covered by long-term support, under which fixes such as security releases are guaranteed for three years.
Long-term support covers "A.2", that is, the versions numbered with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
71 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
72 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
73 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
74 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
75 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
76 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
77 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
78 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
79 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
80 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
81 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
82 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
83 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
84 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
85 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
86 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
87 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
88 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
89 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
90 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
91 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
92 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
93 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
94 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
95 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date | Show Affected | Exploit PoC Search
71 -
7.8
HIGH validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. CWE-399
 Resource Management Errors
CVE-2015-5145 cpe:2.3:a:djangoproject:django:1.8.2:*
cpe:2.3:a:djangoproject:django:1.8.1:*
cpe:2.3:a:djangoproject:django:1.8.…
2024-11-21 11:32
2015-07-15
72 -
4.3
MEDIUM Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP … CWE-20
 Improper Input Validation 
CVE-2015-5144 cpe:2.3:a:djangoproject:django:1.8:beta1
cpe:2.3:a:djangoproject:django:1.8.2:*
cpe:2.3:a:djangoproject:django:1.…
1.4.20 2024-11-21 11:32
2015-07-15
73 -
7.8
HIGH The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via mult… CWE-399
 Resource Management Errors
CVE-2015-5143 cpe:2.3:a:djangoproject:django:1.8.2:*
cpe:2.3:a:djangoproject:django:1.8.1:*
cpe:2.3:a:djangoproject:django:1.8.…
2024-11-21 11:32
2015-07-15
74 -
5.0
MEDIUM The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the … NVD-CWE-Other
CVE-2015-3982 cpe:2.3:a:djangoproject:django:1.8.1:*
cpe:2.3:a:djangoproject:django:1.8.0:*
2024-11-21 11:30
2015-06-2
75 -
4.3
MEDIUM The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to c… CWE-79
Cross-site Scripting
CVE-2015-2317 cpe:2.3:a:djangoproject:django:1.8.0:*
cpe:2.3:a:djangoproject:django:1.7:rc3
cpe:2.3:a:djangoproject:django:1.7:…
1.4.19 2024-11-21 11:27
2015-03-25
76 -
5.0
MEDIUM The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of servi… CWE-399
 Resource Management Errors
CVE-2015-2316 cpe:2.3:a:djangoproject:django:1.8.0:*
cpe:2.3:a:djangoproject:django:1.7:rc3
cpe:2.3:a:djangoproject:django:1.7:…
2024-11-21 11:27
2015-03-25
77 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a … CWE-79
Cross-site Scripting
CVE-2015-2241 cpe:2.3:a:djangoproject:django:1.8:beta1
cpe:2.3:a:djangoproject:django:*:*
1.7.5 2024-11-21 11:27
2015-03-12
78 -
5.0
MEDIUM ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate va… CWE-17
Code
CVE-2015-0222 cpe:2.3:a:djangoproject:django:1.7:*
cpe:2.3:a:djangoproject:django:1.7.2:*
cpe:2.3:a:djangoproject:django:1.7.1:…
1.4.17 2024-11-21 11:22
2015-01-17
79 -
5.0
MEDIUM The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of servic… CWE-399
 Resource Management Errors
CVE-2015-0221 cpe:2.3:a:djangoproject:django:1.7:*
cpe:2.3:a:djangoproject:django:1.7.2:*
cpe:2.3:a:djangoproject:django:1.7.1:…
1.4.17 2024-11-21 11:22
2015-01-17
80 -
4.3
MEDIUM The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct c… CWE-79
Cross-site Scripting
CVE-2015-0220 cpe:2.3:a:djangoproject:django:1.7:*
cpe:2.3:a:djangoproject:django:1.7.2:*
cpe:2.3:a:djangoproject:django:1.7.1:…
1.4.17 2024-11-21 11:22
2015-01-17