Vulmon
flask vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-23393
This affects the package Flask-Unchained prior to 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \\\evil.com/path. This vulnerability is only exp...
Flask Unchained Project Flask Unchained
9.3
CVSSv3
CVE-2022-31559
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-yeoman Project Flask-yeoman
7.4
CVSSv3
CVE-2016-1000001
flask-oidc version 0.1.2 and previous versions are vulnerable to an open redirect.
Flask-oidc Project Flask-oidc
8.8
CVSSv3
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Versions before 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existi...
Flask-appbuilder Project Flask-appbuilder
2.7
CVSSv3
CVE-2023-34110
Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add, edit User forms, trigger a database error; this error is surfaced back t...
Flask-appbuilder Project Flask-appbuilder
6.1
CVSSv3
CVE-2018-16516
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
Flask-admin Project Flask-admin 1.5.2
6.1
CVSSv3
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
7.4
CVSSv3
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before ver...
Flask-security-too Project Flask-security-too
5.3
CVSSv3
CVE-2022-24880
flask-session-captcha is a package which allows users to extend Flask by adding an image-based captcha stored in a server-side session. In versions before 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). ...
Flask-session-captcha Project Flask-session-captcha
9.3
CVSSv3
CVE-2022-31549
The olmax99/helm-flask-celery repository prior to 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Helm-flask-celery Project Helm-flask-celery