Summary iPlain-English security verdict for Django, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Django currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 6.0.6. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Django each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2022-34265 CRITICAL SQL injection EPSS 73% → fixed in 4.0.6 CVE-2020-7471 CRITICAL SQL injection EPSS 65% → fixed in 3.0.3 CVE-2023-24580 HIGH Uncontrolled resource consumption EPSS 63% → fixed in 4.1.7 CVE-2023-46695 HIGH Resource exhaustion EPSS 50% → fixed in 4.2.7 CVE-2022-23833 HIGH CWE-835 EPSS 49% → fixed in 4.0.2 CVE-2023-23969 HIGH Resource exhaustion EPSS 47% → fixed in 4.1.6 CVE-2019-14234 CRITICAL SQL injection EPSS 46% → fixed in 2.2.4 CVE-2021-35042 CRITICAL SQL injection EPSS 44% → fixed in 3.2.5 CVE-2021-23336 MEDIUM CWE-444 EPSS 37% → fixed in 3.1.7 CVE-2019-19844 CRITICAL CWE-640 EPSS 35% → fixed in 2.2.9 CVE-2024-39614 HIGH CWE-130 EPSS 30% → fixed in 5.0.7 CVE-2025-64459 CRITICAL SQL injection EPSS 19% → fixed in 5.2.8Get alerted about Django
Be emailed the moment Django gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for Django — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Django release line is supported — and when it sunsets. Select a line for its full report.
Full Django end-of-life dates & support timeline →
6.0 latest 6.0.6 Supported until 2027-04-306.0.6 → 5.2 latest 5.2.15 Supported until 2028-04-305.2.15 → 5.1 latest 5.1.15 End of life ended 2025-12-035.1.15 → 5.0 latest 5.0.14 End of life ended 2025-04-025.0.14 → 4.2 latest 4.2.30 End of life ended 2026-04-074.2.30 → 4.1 latest 4.1.13 End of life ended 2023-12-014.1.13 → 4.0 latest 4.0.10 End of life ended 2023-04-014.0.10 → 3.2 latest 3.2.25 End of life ended 2024-04-013.2.25 → 3.1 latest 3.1.14 End of life ended 2021-12-073.1.14 → 3.0 latest 3.0.14 End of life ended 2021-04-063.0.14 → See all upcoming end-of-life dates →Frequently asked
Is Django safe and patched?
Django currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 6.0.6. It's on the latest patch with no significant known issues — keep it current.
What should I do about Django now?
Upgrade Django to the latest supported release (6.0.6) or later and apply available security updates, then confirm against Django's official advisory.
When does Django reach end-of-life?
The latest supported Django release is 6.0.6. After end-of-life a release no longer receives security patches.
Which versions of Django are still receiving security updates?
Supported Django release lines (latest 6.0.6): 6.0, 5.2. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Django's official advisory before you patch or upgrade — Django official site ↗