Django Weblog: Django is now a CVE Numbering Authority (CNA)

We’re proud to announce the Django Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)!

What it means for Django to be a CNA

Our security team deals with vulnerability reports on a daily basis, and every so often some turn out to be real vulnerabilities for us to fix and publish. CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. As a CNA, we are more autonomous through this process. For full details, see our scope on the new CVE Numbering Authority page.

How to report a vulnerability

For reporters, our process remains completely unchanged: to report a security issue in Django, please follow our security policies to report over email at security@djangoproject.com.

How our CNA operates

Our CNA is currently run within our existing security team, with support from the foundation’s President and Vice President. Day to day, the Django Fellows take care of CNA activities. Check our CNA page for more information and ways to contact us about CNA matters.

Thank you to Natalia Bidart for initiating our application process to become a CNA! And if you have feedback or questions, come say hi on the Django forum in Django as a CNA.

https://www.djangoproject.com/weblog/2025/oct/30/django-is-now-a-cve-numbering-authority-cna/