VYPR
Vendor CVEs: Pallets (all CVEs)

25 total · sorted by risk
  • CVE-2019-8341 · Critical · Feb 15, 2019
    risk 0.70 · cvss 9.8 · epss 0.45

    An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE:…

  • CVE-2015-8768 · Critical · Feb 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.

  • CVE-2019-10906 · High · Apr 7, 2019
    risk 0.56 · cvss 8.6 · epss 0.04

    In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

  • CVE-2016-10745 · High · Apr 8, 2019
    risk 0.49 · cvss 8.6 · epss 0.03

    In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

  • CVE-2023-46136 · High · Oct 25, 2023
    risk 0.45 · cvss 8.0 · epss 0.01

    Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes…

  • CVE-2023-30861 · High · May 2, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send…

  • CVE-2023-25577 · High · Feb 14, 2023
    risk 0.42 · cvss 7.5 · epss 0.01

    Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more…

  • CVE-2026-7246 · High · Apr 30, 2026
    risk 0.40 · cvss 7.2 · epss 0.01

    Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

  • CVE-2015-5215 · Medium · Feb 17, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE:…

  • CVE-2016-10516 · Medium · Oct 23, 2017
    risk 0.33 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an…

  • CVE-2024-22195 · Medium · Jan 11, 2024
    risk 0.28 · cvss 5.4 · epss 0.01

    Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr`…

  • CVE-2023-23934 · Low · Feb 14, 2023
    risk 0.10 · cvss 2.6 · epss 0.01

    Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like…

  • CVE-2025-47278 · Low · May 13, 2025
    risk 0.05 · cvss n/a · epss 0.00

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous`…

  • CVE-2022-29361 · Critical · May 25, 2022
    risk 0.01 · cvss 9.8 · epss 0.08

    Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported…

  • CVE-2026-27205 · Feb 21, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header; not doing so results in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs…

  • CVE-2026-27199 · Feb 21, 2026
    risk 0.00 · cvss n/a · epss 0.01

    Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account…

  • CVE-2026-21860 · Jan 8, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are…

  • CVE-2025-66221 · Nov 29, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every…

  • CVE-2025-27516 · Mar 5, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker…

  • CVE-2024-56326 · Dec 23, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs…

  • CVE-2024-56201 · Dec 23, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit…

  • CVE-2024-49767 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively…

  • CVE-2024-49766 · Oct 25, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended…

  • CVE-2024-34069 · May 6, 2024
    risk 0.00 · cvss n/a · epss 0.03

    Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and…

  • CVE-2024-34064 · May 6, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an…
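The shared-cache condition behind CVE-2023-30861 and CVE-2026-27205 above (a session-dependent response sent without Vary: Cookie, then stored by a caching proxy and replayed to another client) can be checked from response headers alone for the Set-Cookie case. The following is an added example, not Flask or Werkzeug code; the helper names and the sample responses are constructed for illustration.

```python
"""Shared-cache check for the condition behind CVE-2023-30861 and
CVE-2026-27205: a response whose cookies or body depend on the client's
session, sent without Vary: Cookie, can be stored by a caching proxy and
served to a different client.

Added example with hypothetical helper names; not Flask or Werkzeug code.
"""
from typing import Dict, List, Set, Tuple

Headers = List[Tuple[str, str]]  # repeated names allowed, as WSGI emits them


def _values(headers: Headers, name: str) -> List[str]:
    """All values of a header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]


def _tokens(headers: Headers, name: str) -> Set[str]:
    """Lower-cased, comma-separated tokens of a header that may repeat,
    with any '=value' part dropped (for Cache-Control directives)."""
    out: Set[str] = set()
    for value in _values(headers, name):
        for token in value.split(","):
            token = token.strip().lower().split("=", 1)[0]
            if token:
                out.add(token)
    return out


def shareable_cookie_response(headers: Headers) -> bool:
    """True when a response that sets a cookie could be stored by a shared
    cache and served to another client."""
    if not _values(headers, "Set-Cookie"):
        return False
    if _tokens(headers, "Cache-Control") & {"private", "no-store"}:
        return False  # explicitly excluded from shared caches
    if _tokens(headers, "Vary") & {"*", "cookie"}:
        return False  # cache entry is keyed on the request's Cookie header
    return True


def audit(responses: Dict[str, Headers]) -> List[str]:
    """Names of the responses that fail the check, in input order."""
    return [name for name, hdrs in responses.items() if shareable_cookie_response(hdrs)]


# Constructed sample responses, not captured traffic.
SAMPLES: Dict[str, Headers] = {
    # The vulnerable shape: session cookie set, no Vary, shared-cacheable.
    "session-set-no-vary": [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Set-Cookie", "session=eyJ1c2VyIjoiYWxpY2UifQ.sig; HttpOnly; Path=/"),
        ("Cache-Control", "public, max-age=600"),
    ],
    # The patched shape: Vary: Cookie keys the cache entry on the request cookie.
    "session-set-vary-cookie": [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Set-Cookie", "session=eyJ1c2VyIjoiYWxpY2UifQ.sig; HttpOnly; Path=/"),
        ("Vary", "Accept-Encoding, Cookie"),
    ],
    # Vary split across two header lines is still honoured.
    "split-vary": [
        ("Set-Cookie", "session=abc; Path=/"),
        ("Vary", "Accept-Encoding"),
        ("Vary", "cookie"),
    ],
    # Marked private: a shared cache must not store it.
    "private": [
        ("Set-Cookie", "session=abc; Path=/"),
        ("Cache-Control", "private, no-cache"),
    ],
    # Static asset, no cookies: out of scope.
    "static": [
        ("Content-Type", "text/css"),
        ("Cache-Control", "public, max-age=31536000"),
    ],
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"{name}: Set-Cookie without Vary: Cookie (shared-cache hazard)")
```

This only catches responses that set a cookie. A page that merely reads the session is just as client-specific but shows nothing in its headers, which is why the fix described for these CVEs has the framework add Vary: Cookie whenever the session is accessed rather than leaving it to a proxy-side rule.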
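The four safe_join entries above (CVE-2025-66221, CVE-2026-21860, CVE-2026-27199 and CVE-2024-49766) are one bug class reported three times as the filter was tightened: a reserved Windows device name slipped through first bare, then with an extension or trailing space, then when preceded by another path segment, plus a UNC path that os.path.isabs() misses on older Python. The check below is an added example, not Werkzeug's implementation; the function names are hypothetical and it closes all four gaps at once so the edge cases can be seen side by side.

```python
"""Segment checks for the Windows-specific gaps reported against Werkzeug's
safe_join (CVE-2025-66221, CVE-2026-21860, CVE-2026-27199, CVE-2024-49766).

Added example with hypothetical helper names; not Werkzeug's implementation.
Windows maps a reserved device name to the device whether or not it carries an
extension or trailing spaces/dots, and in any path position, so "CON",
"CON.txt", "aux " and "uploads/NUL.log" all name a device rather than a file.
On Python < 3.11 on Windows, os.path.isabs("//server/share") is False, so a
UNC path can pass an "is it absolute?" check; this code rejects such paths by
prefix instead of relying on isabs().
"""
import posixpath
from typing import Optional

_RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def _windows_reserved(segment: str) -> bool:
    """Compare what Windows compares: the name up to the first '.', with
    trailing spaces and dots stripped, case-insensitively."""
    stem = segment.split(".", 1)[0].rstrip(" .").upper()
    return stem in _RESERVED


def hardened_join(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted segments under directory, or return None if any segment
    could escape the directory or name a Windows device. The shape follows
    safe_join (normalise, reject absolute paths and '..'), with the
    device-name and UNC gaps from the advisories closed."""
    parts = [directory]
    for filename in pathnames:
        if filename == "":
            continue
        filename = posixpath.normpath(filename)
        if filename == ".":
            continue
        # Absolute on any platform: POSIX '/', UNC '//server' or '\\server'.
        # Backslashes and colons (drive letters, NTFS streams) are rejected
        # outright rather than translated.
        if filename.startswith(("/", "\\")):
            return None
        if "\\" in filename or ":" in filename:
            return None
        for segment in filename.split("/"):
            if segment == "..":
                return None
            if _windows_reserved(segment):
                return None
        parts.append(filename)
    return posixpath.join(*parts)


if __name__ == "__main__":
    for candidate in ("docs/report.pdf", "CON", "CON.txt", "aux ",
                      "uploads/NUL.log", "//server/share/x", "../etc/passwd"):
        print(f"{candidate!r:24} -> {hardened_join('/srv/files', candidate)}")
```

The stem comparison is deliberately conservative: "console.log" is accepted because its stem is "console", while "COM1.tar.gz" is refused because Windows would open the serial port. Rejecting backslashes and colons outright, rather than translating them, keeps the check independent of which separator the host uses.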
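CVE-2024-22195 and CVE-2024-34064 above both concern the xmlattr filter accepting keys that contain characters an attribute name cannot hold. The snippet below is an added example, not Jinja's implementation, with hypothetical helper names and a constructed input: it renders an attribute string the naive way (values escaped, keys copied verbatim), tokenises the result with the standard-library HTML parser to show which attributes a consumer actually sees, and then shows the same input refused by a key check.

```python
"""Attribute-name validation for xmlattr-style rendering, illustrating
CVE-2024-22195 and CVE-2024-34064. Added example with hypothetical helper
names; it is not Jinja's implementation.

Escaping values is not enough: an attacker-controlled *key* containing
whitespace, '/', '>' or '=' closes the current attribute and starts another,
so the rendered tag gains attributes the template never declared.
"""
import re
from html import escape
from html.parser import HTMLParser
from typing import Dict, List, Optional

# Allowed attribute names: no whitespace, '/', '>', '=', quotes or control chars.
_ATTR_NAME = re.compile(r"^[^\s/>=\"'\x00-\x1f]+$")


def key_is_valid(key: str) -> bool:
    return bool(_ATTR_NAME.match(key))


def naive_xmlattr(attrs: Dict[str, Optional[str]]) -> str:
    """Escapes values but copies keys verbatim (the unsafe shape)."""
    return " ".join(
        f'{k}="{escape(str(v), quote=True)}"'
        for k, v in attrs.items() if v is not None
    )


def strict_xmlattr(attrs: Dict[str, Optional[str]]) -> str:
    """Same output, but refuses any key that could start a second attribute."""
    pieces: List[str] = []
    for k, v in attrs.items():
        if v is None:
            continue
        if not key_is_valid(k):
            raise ValueError(f"invalid attribute name: {k!r}")
        pieces.append(f'{k}="{escape(str(v), quote=True)}"')
    return " ".join(pieces)


class _AttrCollector(HTMLParser):
    """Records the attribute names of every start tag it sees."""

    def __init__(self) -> None:
        super().__init__()
        self.names: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.names.extend(name for name, _ in attrs)


def rendered_attribute_names(attr_string: str) -> List[str]:
    """Tokenise '<a ...>' with the stdlib parser and report the attribute
    names a consumer would actually see."""
    parser = _AttrCollector()
    parser.feed(f"<a {attr_string}>")
    parser.close()
    return parser.names


# Constructed input: the key is attacker-controlled, the value is benign.
MALICIOUS = {"data-x onmouseover=alert(1) y": "safe", "href": "/home"}

if __name__ == "__main__":
    print(naive_xmlattr(MALICIOUS))
    print(rendered_attribute_names(naive_xmlattr(MALICIOUS)))
    try:
        strict_xmlattr(MALICIOUS)
    except ValueError as exc:
        print("rejected:", exc)
```

With the constructed key, the naive output parses as four attributes, one of them an onmouseover handler, even though every value was escaped; the strict variant raises before any markup is produced. The name pattern is an allow-list of what an attribute name can be, which is the shape of check the advisories describe (rejecting spaces, `/`, `>` and `=`), extended here to quotes and control characters.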