Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2016-1000001
flask-oidc version 0.1.2 and previous versions is vulnerable to an open redirect
Flask-oidc Project Flask-oidc
NA
CVE-2022-31177
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions before 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password...
Flask-appbuilder Project Flask-appbuilder
NA
CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu...
Flask-security Project Flask-security
NA
CVE-2023-29005
Flask-AppBuilder versions prior to 4.3.0 lack rate limiting which can allow an malicious user to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`...
Flask-appbuilder Project Flask-appbuilder
5.8
CVSSv2
CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex...
Flask-user Project Flask-user
4.3
CVSSv2
CVE-2018-16516
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
Flask-admin Project Flask-admin 1.5.2
6.4
CVSSv2
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-file-server Project Flask-file-server
6.4
CVSSv2
CVE-2022-31549
The olmax99/helm-flask-celery repository prior to 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Helm-flask-celery Project Helm-flask-celery
5
CVSSv2
CVE-2022-24880
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions before 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). ...
Flask-session-captcha Project Flask-session-captcha
NA
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »