| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-27205 | Flask session does not add `Vary: Cookie` header when accessed in some ways | pallets | flask | - | - | 2026-02-21 05:21:17 |
| CVE-2026-27199 | Werkzeug safe_join() allows Windows special device names | pallets | werkzeug | - | - | 2026-02-21 05:15:53 |
| CVE-2026-21860 | Werkzeug safe_join() allows Windows special device names with compound extensions | pallets | werkzeug | Medium | - | 2026-01-08 18:34:05 |
| CVE-2025-66221 | Werkzeug safe_join() allows Windows special device names | pallets | werkzeug | Medium | - | 2025-11-29 02:28:35 |
| CVE-2025-47278 | Flask uses fallback key instead of current signing key | pallets | flask | - | - | 2025-05-13 15:57:40 |
| CVE-2025-27516 | Jinja sandbox breakout through attr filter selecting format method | pallets | jinja | High | - | 2025-03-05 20:40:07 |
| CVE-2024-56326 | Jinja has a sandbox breakout through indirect reference to format method | pallets | jinja | High | - | 2024-12-23 15:43:49 |
| CVE-2024-56201 | Jinja has a sandbox breakout through malicious filenames | pallets | jinja | High | - | 2024-12-23 15:37:36 |
| CVE-2024-49767 | Werkzeug possible resource exhaustion when parsing file data in forms | pallets | werkzeug | Medium | - | 2024-10-25 19:41:35 |
| CVE-2024-49766 | Werkzeug safe_join not safe on Windows | pallets | werkzeug | Low | - | 2024-10-25 19:22:36 |
| CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in remote command execution | pallets | werkzeug | High | 7.5 | 2024-05-06 14:44:39 |
| CVE-2024-34064 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | pallets | jinja | Medium | 5.4 | 2024-05-06 14:41:40 |
| CVE-2024-22195 | Jinja vulnerable to Cross-Site Scripting (XSS) | pallets | jinja | Medium | 5.4 | 2024-01-11 02:25:44 |
| CVE-2023-46136 | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning | pallets | werkzeug | High | 8.0 | 2023-10-24 23:48:57 |
| CVE-2023-30861 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | pallets | flask | High | 7.5 | 2023-05-02 17:04:22 |
| CVE-2023-25577 | Werkzeug may allow high resource usage when parsing multipart form data with many fields | pallets | werkzeug | High | 7.5 | 2023-02-14 19:56:26 |
| CVE-2023-23934 | Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass | pallets | werkzeug | Low | 2.6 | 2023-02-14 19:56:23 |
| CVE-2019-1010083 | Pallets Project Flask resource management error vulnerability | The Pallets Project | Flask | High | - | 2019-07-17 13:59:09 |