VYPR

Flask

by Pallets

pypi: flask

Source repositories

CVEs (3)

  • CVE-2023-30861HigMay 2, 2023
    risk 0.42cvss 7.5epss 0.01

    Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send…

  • CVE-2025-47278LowMay 13, 2025
    risk 0.05cvss epss 0.00

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous`…

  • CVE-2026-27205Feb 21, 2026
    risk 0.00cvss epss 0.00

    Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs…