Vulnerabilities > Palletsprojects > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-25 | CVE-2024-49767 | Unspecified vulnerability in Palletsprojects Werkzeug Werkzeug is a Web Server Gateway Interface web application library. | 7.5 |
| 2023-10-25 | CVE-2023-46136 | Out-of-bounds Write vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
| 2023-05-02 | CVE-2023-30861 | Unspecified vulnerability in Palletsprojects Flask Flask is a lightweight WSGI web application framework. | 7.5 |
| 2023-02-14 | CVE-2023-25577 | Unspecified vulnerability in Palletsprojects Werkzeug Werkzeug is a comprehensive WSGI web application library. | 7.5 |
| 2019-08-09 | CVE-2019-14806 | Insufficient Entropy vulnerability in multiple products Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 7.5 |
| 2019-07-28 | CVE-2019-14322 | Path Traversal vulnerability in Palletsprojects Werkzeug In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | 7.5 |
| 2019-07-17 | CVE-2019-1010083 | Unspecified vulnerability in Palletsprojects Flask The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. | 7.5 |
| 2019-04-08 | CVE-2016-10745 | Use of Externally-Controlled Format String vulnerability in Palletsprojects Jinja In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | 8.6 |
| 2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 |
| 2018-08-20 | CVE-2018-1000656 | Improper Input Validation vulnerability in multiple products The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. | 7.5 |