
pallets — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting pallets. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by pallets: werkzeug, jinja, flask

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27205 | Flask session does not add `Vary: Cookie` header when accessed in some ways | flask | CWE-524 | 7.5 (AI) | High (AI) | 2026-02-21 |
| CVE-2026-27199 | Werkzeug safe_join() allows Windows special device names | werkzeug | CWE-67 | 7.5 (AI) | High (AI) | 2026-02-21 |
| CVE-2026-21860 | Werkzeug safe_join() allows Windows special device names with compound extensions | werkzeug | CWE-67 | 7.5 | - | 2026-01-08 |
| CVE-2025-66221 | Werkzeug safe_join() allows Windows special device names | werkzeug | CWE-67 | - | - | 2025-11-29 |
| CVE-2025-47278 | Flask uses fallback key instead of current signing key | flask | CWE-683 | 7.5 (AI) | High (AI) | 2025-05-13 |
| CVE-2025-27516 | Jinja sandbox breakout through attr filter selecting format method | jinja | CWE-1336 | 9.8 | - | 2025-03-05 |
| CVE-2024-56326 | Jinja has a sandbox breakout through indirect reference to format method | jinja | CWE-1336 | 8.8 | - | 2024-12-23 |
| CVE-2024-56201 | Jinja has a sandbox breakout through malicious filenames | jinja | CWE-150 | 8.1 | - | 2024-12-23 |
| CVE-2024-49767 | Werkzeug possible resource exhaustion when parsing file data in forms | werkzeug | CWE-400 | 7.5 | - | 2024-10-25 |
| CVE-2024-49766 | Werkzeug safe_join not safe on Windows | werkzeug | CWE-22 | 7.5 | - | 2024-10-25 |
| CVE-2024-34069 | Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution | werkzeug | CWE-352 | 7.5 | High | 2024-05-06 |
| CVE-2024-34064 | Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter | jinja | CWE-79 | 5.4 | Medium | 2024-05-06 |
| CVE-2024-22195 | Jinja vulnerable to Cross-Site Scripting (XSS) | jinja | CWE-79 | 5.4 | Medium | 2024-01-11 |
| CVE-2023-46136 | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning | werkzeug | CWE-407 | 8.0 | High | 2023-10-24 |
| CVE-2023-30861 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | flask | CWE-539 | 7.5 | High | 2023-05-02 |
| CVE-2023-25577 | Werkzeug may allow high resource usage when parsing multipart form data with many fields | werkzeug | CWE-770 | 7.5 | High | 2023-02-14 |
| CVE-2023-23934 | Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass | werkzeug | CWE-20 | 2.6 | Low | 2023-02-14 |

This page lists every published CVE security advisory associated with pallets. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.