Software Detail
Django
Number of NVD: 112 (CRITICAL 10, HIGH 35, MEDIUM 64, LOW 3)
URL: https://www.djangoproject.com/
Explanation: It is a web application framework written in Python.

Django uses the "A.B.C" format for versioning.

"A.B" is for feature releases, and "C" is for patches, which are used for bug fixes and security fixes.

Feature releases are released at intervals of about eight months.
Some releases are covered by long-term support, such as security releases, which is guaranteed for three years.
Long-term support covers "A.2", that is, the version with ".2".
Tag
  • Python
  • Open source
  • BSD License

Add Information URL
No Type Name URL
1 https://www.djangoproject.com/download/
2 https://djangoproject.jp/
3 https://docs.djangoproject.com/en/dev/internals/release-process/
4 https://github.com/django/django

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
81 Django5.0 5.0.14 April 2, 2025 Dec. 4, 2023 Aug. 31, 2022 April 30, 2025 0 4 1 0
82 Django4.2 LTS 4.2.26 Nov. 5, 2025 April 1, 2023 Dec. 31, 2023 April 30, 2026 2 10 2 1
83 Django4.1 4.1.13 Nov. 1, 2023 Aug. 1, 2022 April 30, 2023 Dec. 31, 2023 1 7 0 0
84 Django4.0 4.0.10 Feb. 14, 2023 Dec. 1, 2021 Aug. 31, 2022 April 30, 2023 4 8 2 0
85 Django3.2 LTS 3.2.25 March 4, 2024 April 6, 2021 Dec. 31, 2021 April 30, 2024 5 15 4 0
86 Django3.1 3.1.13 July 1, 2021 Aug. 4, 2020 April 30, 2021 Dec. 31, 2021 1 5 5 0
87 Django3.0 3.0.14 April 6, 2021 Dec. 2, 2019 Aug. 31, 2020 April 30, 2021 2 4 6 0
88 Django2.2 LTS 2.2.28 April 11, 2022 April 1, 2019 Dec. 2, 2019 April 30, 2022 5 12 12 0
89 Django2.1 2.1.15 Dec. 2, 2019 Aug. 1, 2018 April 1, 2019 Dec. 2, 2019 1 4 6 0
90 Django2.0 LTS 2.0.9 Feb. 12, 2019 Dec. 3, 2017 Aug. 1, 2018 April 1, 2019 0 2 5 0
91 Django1.11 LTS 1.11.29 March 4, 2020 April 5, 2017 April 1, 2017 April 1, 2020 3 6 8 0
92 Django1.9 1.9.13 April 1, 2017 Dec. 1, 2015 Aug. 31, 2016 April 30, 2017 4 8 12 1
93 Django1.8 1.8.19 March 6, 2018 April 2, 2015 Dec. 1, 2015 April 1, 2018 2 5 14 1
94 Django1.7 1.7.11 Nov. 24, 2015 Sept. 2, 2014 Jan. 1, 1900 1 3 20 1
95 Django1.6 1.6.11 March 18, 2015 Nov. 6, 2013 Jan. 1, 1900 1 3 22 1
96 Django1.5 1.5.12 Jan. 2, 2015 Feb. 26, 2013 Jan. 1, 1900 1 3 19 1
97 Django1.4 1.4.22 Aug. 18, 2015 March 23, 2012 Jan. 1, 1900 1 3 28 1
98 Django1.3 1.3.7 Feb. 20, 2013 March 23, 2011 Jan. 1, 1900 1 2 28 1
99 Django1.2 1.2.7 Sept. 10, 2011 May 17, 2010 Jan. 1, 1900 1 3 28 1
100 Django1.2-alpha1 1.2-alpha1 Jan. 1, 1900 Jan. 1, 1900 0 0 4 0
101 Django1.10 1.10.8 Jan. 1, 1900 April 30, 2017 Nov. 30, 2017 2 1 5 0
102 Django1.1 1.1.4 Jan. 1, 1900 Jan. 1, 1900 2 5 33 1
103 Django1.0 1.0.2 Jan. 1, 1900 Jan. 1, 1900 1 2 26 1
104 Django0.96 0.96 Jan. 1, 1900 Jan. 1, 1900 1 2 25 1
105 Django0.95 0.95 July 1, 2006 Jan. 1, 1900 1 2 25 1
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
81 -
5.0
MEDIUM Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,… CWE-17
Code
CVE-2015-0219 cpe:2.3:a:djangoproject:django:1.7:*
cpe:2.3:a:djangoproject:django:1.7.2:*
cpe:2.3:a:djangoproject:django:1.7.1:…
1.4.17 2024-11-21 11:22
2015-01-17
82 -
3.5
LOW The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship be… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0483 cpe:2.3:a:djangoproject:django:1.7:rc2
cpe:2.3:a:djangoproject:django:1.7:rc1
cpe:2.3:a:djangoproject:django:1.7:…
1.4.13 2024-11-21 11:02
2014-08-26
83 -
6.0
MEDIUM The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.R… CWE-287
Improper Authentication
CVE-2014-0482 cpe:2.3:a:djangoproject:django:1.7:rc2
cpe:2.3:a:djangoproject:django:1.7:rc1
cpe:2.3:a:djangoproject:django:1.7:…
1.4.13 2024-11-21 11:02
2014-08-26
84 -
4.3
MEDIUM The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generatio… CWE-399
 Resource Management Errors
CVE-2014-0481 cpe:2.3:a:djangoproject:django:1.7:rc2
cpe:2.3:a:djangoproject:django:1.7:rc1
cpe:2.3:a:djangoproject:django:1.7:…
1.4.13 2024-11-21 11:02
2014-08-26
85 -
5.8
MEDIUM The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attacke… CWE-20
 Improper Input Validation 
CVE-2014-0480 cpe:2.3:a:djangoproject:django:1.7:rc2
cpe:2.3:a:djangoproject:django:1.7:rc1
cpe:2.3:a:djangoproject:django:1.7:…
1.4.13 2024-11-21 11:02
2014-08-26
86 -
4.3
MEDIUM The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to condu… CWE-20
 Improper Input Validation 
CVE-2014-3730 cpe:2.3:a:djangoproject:django:1.7:beta3
cpe:2.3:a:djangoproject:django:1.7:beta2
cpe:2.3:a:djangoproject:django:…
2024-11-21 11:08
2014-05-17
87 -
6.4
MEDIUM Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attacke… NVD-CWE-noinfo
CVE-2014-1418 cpe:2.3:a:djangoproject:django:1.7:beta3
cpe:2.3:a:djangoproject:django:1.7:beta2
cpe:2.3:a:djangoproject:django:…
2024-11-21 11:04
2014-05-17
88 -
10.0
HIGH The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not proper… CWE-399
 Resource Management Errors
CVE-2014-0474 cpe:2.3:a:djangoproject:django:1.7:beta1
cpe:2.3:a:djangoproject:django:1.7:alpha2
cpe:2.3:a:djangoproject:django…
1.4.10 2024-11-21 11:02
2014-04-24
89 -
5.0
MEDIUM The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to… CWE-264
Permissions, Privileges, and Access Controls
CVE-2014-0473 cpe:2.3:a:djangoproject:django:1.7:beta1
cpe:2.3:a:djangoproject:django:1.7:alpha2
cpe:2.3:a:djangoproject:django…
1.4.10 2024-11-21 11:02
2014-04-24
90 -
5.1
MEDIUM The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Pyth… CWE-94
Code Injection
CVE-2014-0472 cpe:2.3:a:djangoproject:django:1.7:beta1
cpe:2.3:a:djangoproject:django:1.7:alpha2
cpe:2.3:a:djangoproject:django…
1.4.10 2024-11-21 11:02
2014-04-24