pallets Summary
Latest vulnerabilities published by pallets
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Path Manipulation Vulnerability in Werkzeug Web Application Library
CVE-2025-66221PalletsWerkzeug6.3MEDIUMFlask Web Application Framework Vulnerability in Key Configuration
CVE-2025-47278PalletsFlask1.8LOWArbitrary Code Execution in Jinja Templating Engine Affecting Pallets
CVE-2025-27516PalletsJinja5.4MEDIUMVulnerability in Jinja Templating Engine Exposes Applications
CVE-2024-56326PalletsJinjaπΎπ°5.4MEDIUMVulnerabilities in Jinja Templating Engine Affecting Application Security
CVE-2024-56201PalletsJinja5.4MEDIUMWerkzeug Web Server Gateway Interface Vulnerability: Denial of Service Attack via Maliciously Formatted Submission
CVE-2024-49767PalletsWerkzeug7.5HIGHPotential Security Vulnerability in Werkzeug's os.path.isabs() Function
CVE-2024-49766PalletsWerkzeug6.3MEDIUMWerkzeug Debugger Vulnerability Allows Attacker to Execute Code on Developer's Machine
CVE-2024-34069PalletsWerkzeugEPSS 40%7.5HIGHJinja Templating Engine Vulnerable to XSS Attacks
CVE-2024-34064PalletsJinja5.4MEDIUMJinja vulnerable to Cross-Site Scripting (XSS)
CVE-2024-22195PalletsJinja5.4MEDIUMWerkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
CVE-2023-46136PalletsWerkzeugπΎπ‘8HIGHFlask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
CVE-2023-30861PalletsFlaskπΎπ‘7.5HIGHWrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
CVE-2023-23934PalletsWerkzeug2.6LOWWerkzeug may allow high resource usage when parsing multipart form data with many fields
CVE-2023-25577PalletsWerkzeug7.5HIGHDenial of Service in Flask by Pallets Project
CVE-2019-1010083The Pallets ProjectFlask7.5HIGH