Lookup for vulnerable packages by Package URL.

purl pkg:pypi/flask-appbuilder@3.4.1rc2
type pypi
namespace
name flask-appbuilder
version 3.4.1rc2
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 4.8.1
latest_non_vulnerable_version 4.8.1
affected_by_vulnerabilities
0
url VCID-7ek6-k8zm-97g4
vulnerability_id VCID-7ek6-k8zm-97g4
summary
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Lack of rate limiting will allow an attacker to brute-force user credentials.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29005
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53546
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29005
1
reference_url https://flask-limiter.readthedocs.io/en/stable/configuration.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T19:35:35Z/
url https://flask-limiter.readthedocs.io/en/stable/configuration.html
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1976
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29005
reference_id CVE-2023-29005
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29005
6
reference_url https://github.com/advisories/GHSA-9hcr-9hcv-x6pv
reference_id GHSA-9hcr-9hcv-x6pv
reference_type
scores
url https://github.com/advisories/GHSA-9hcr-9hcv-x6pv
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
reference_id GHSA-9hcr-9hcv-x6pv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T19:35:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.0
purl pkg:pypi/flask-appbuilder@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8zwq-xg8n-q7g9
1
vulnerability VCID-hg35-2qm4-b7h9
2
vulnerability VCID-k3kr-tvxd-73hx
3
vulnerability VCID-nc2g-v8pn-nqcy
4
vulnerability VCID-swdd-djht-pbbh
5
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.0
aliases CVE-2023-29005, GHSA-9hcr-9hcv-x6pv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek6-k8zm-97g4
1
url VCID-7kd2-6yuh-9fe4
vulnerability_id VCID-7kd2-6yuh-9fe4
summary Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server when logging in. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21659
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57168
published_at 2026-06-04T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57219
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21659
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:44:49Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:44:49Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21659
reference_id CVE-2022-21659
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21659
8
reference_url https://github.com/advisories/GHSA-wfjw-w6pv-8p7f
reference_id GHSA-wfjw-w6pv-8p7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wfjw-w6pv-8p7f
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.4.2
purl pkg:pypi/flask-appbuilder@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ek6-k8zm-97g4
1
vulnerability VCID-7kd2-6yuh-9fe4
2
vulnerability VCID-8zwq-xg8n-q7g9
3
vulnerability VCID-agw1-8rq2-nue5
4
vulnerability VCID-hg35-2qm4-b7h9
5
vulnerability VCID-k3kr-tvxd-73hx
6
vulnerability VCID-nc2g-v8pn-nqcy
7
vulnerability VCID-swdd-djht-pbbh
8
vulnerability VCID-t22u-emet-kugw
9
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.2
1
url pkg:pypi/flask-appbuilder@3.4.4
purl pkg:pypi/flask-appbuilder@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ek6-k8zm-97g4
1
vulnerability VCID-8zwq-xg8n-q7g9
2
vulnerability VCID-agw1-8rq2-nue5
3
vulnerability VCID-hg35-2qm4-b7h9
4
vulnerability VCID-k3kr-tvxd-73hx
5
vulnerability VCID-nc2g-v8pn-nqcy
6
vulnerability VCID-swdd-djht-pbbh
7
vulnerability VCID-t22u-emet-kugw
8
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.4
aliases CVE-2022-21659, GHSA-wfjw-w6pv-8p7f, PYSEC-2022-24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kd2-6yuh-9fe4
2
url VCID-8zwq-xg8n-q7g9
vulnerability_id VCID-8zwq-xg8n-q7g9
summary
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41834
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
reference_id CVE-2025-32962
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
4
reference_url https://github.com/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
url https://github.com/advisories/GHSA-99pm-ch96-ccp2
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.6.2
purl pkg:pypi/flask-appbuilder@4.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.6.2
aliases CVE-2025-32962, GHSA-99pm-ch96-ccp2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zwq-xg8n-q7g9
3
url VCID-agw1-8rq2-nue5
vulnerability_id VCID-agw1-8rq2-nue5
summary Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31177
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57256
published_at 2026-06-04T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57308
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31177
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:57Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:57Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31177
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31177
6
reference_url https://github.com/advisories/GHSA-32ff-4g79-vgfc
reference_id GHSA-32ff-4g79-vgfc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32ff-4g79-vgfc
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.1.3
purl pkg:pypi/flask-appbuilder@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ek6-k8zm-97g4
1
vulnerability VCID-8zwq-xg8n-q7g9
2
vulnerability VCID-hg35-2qm4-b7h9
3
vulnerability VCID-k3kr-tvxd-73hx
4
vulnerability VCID-nc2g-v8pn-nqcy
5
vulnerability VCID-swdd-djht-pbbh
6
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.1.3
aliases CVE-2022-31177, GHSA-32ff-4g79-vgfc, GMS-2022-3340, PYSEC-2022-247
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agw1-8rq2-nue5
4
url VCID-hg35-2qm4-b7h9
vulnerability_id VCID-hg35-2qm4-b7h9
summary Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute-forcing login requests. This vulnerability is fixed in 4.5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66576
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T18:41:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
reference_id CVE-2025-24023
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
5
reference_url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
reference_id GHSA-p8q5-cvwx-wvwp
reference_type
scores
url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.5.3
purl pkg:pypi/flask-appbuilder@4.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8zwq-xg8n-q7g9
1
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3
aliases CVE-2025-24023, GHSA-p8q5-cvwx-wvwp, PYSEC-2025-15
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hg35-2qm4-b7h9
5
url VCID-k3kr-tvxd-73hx
vulnerability_id VCID-k3kr-tvxd-73hx
summary Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34110
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.65029
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34110
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2045
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2045
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34110
reference_id CVE-2023-34110
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34110
8
reference_url https://github.com/advisories/GHSA-jhpr-j7cq-3jp3
reference_id GHSA-jhpr-j7cq-3jp3
reference_type
scores
url https://github.com/advisories/GHSA-jhpr-j7cq-3jp3
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.2
purl pkg:pypi/flask-appbuilder@4.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8zwq-xg8n-q7g9
1
vulnerability VCID-hg35-2qm4-b7h9
2
vulnerability VCID-nc2g-v8pn-nqcy
3
vulnerability VCID-swdd-djht-pbbh
4
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.2
aliases CVE-2023-34110, GHSA-jhpr-j7cq-3jp3, PYSEC-2023-94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3kr-tvxd-73hx
6
url VCID-nc2g-v8pn-nqcy
vulnerability_id VCID-nc2g-v8pn-nqcy
summary
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
### Impact
When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privileged access if a custom OpenID service is deployed by the attacker and accessible by the backend.

This vulnerability is only exploitable when the application is using the old (deprecated 10 years ago) OpenID 2.0 authorization protocol (which is very different from the popular OIDC - OpenID Connect - protocol used today). Currently, this protocol is regarded as legacy, with significantly reduced usage, and has not been supported for several years by major authorization providers.

### Patches
Upgrade to Flask-AppBuilder 4.3.11

### Workarounds
If upgrading is not possible, add the following to your config:

```python
import os

from flask import flash, redirect
from flask_appbuilder import expose
from flask_appbuilder.security.sqla.manager import SecurityManager
from flask_appbuilder.security.views import AuthOIDView
from flask_appbuilder.security.forms import LoginForm_oid

basedir = os.path.abspath(os.path.dirname(__file__))


class FixedOIDView(AuthOIDView):
    @expose("/login/", methods=["GET", "POST"])
    def login(self, flag=True):
        form = LoginForm_oid()
        if form.validate_on_submit():
            # Only accept an OpenID identity URL that matches one of the
            # providers configured in OPENID_PROVIDERS; reject anything else.
            identity_url = None
            for provider in self.appbuilder.sm.openid_providers:
                if provider.get("url") == form.openid.data:
                    identity_url = form.openid.data
            if identity_url is None:
                flash(self.invalid_login_message, "warning")
                return redirect(self.appbuilder.get_url_for_login)
        return super().login(flag=flag)


class FixedSecurityManager(SecurityManager):
    authoidview = FixedOIDView


# Point Flask-AppBuilder at the hardened security manager defined above.
FAB_SECURITY_MANAGER_CLASS = "config.FixedSecurityManager"
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25128
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76856
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25128
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25128
reference_id CVE-2024-25128
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25128
4
reference_url https://github.com/advisories/GHSA-j2pw-vp55-fqqj
reference_id GHSA-j2pw-vp55-fqqj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j2pw-vp55-fqqj
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj
reference_id GHSA-j2pw-vp55-fqqj
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.11
purl pkg:pypi/flask-appbuilder@4.3.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8zwq-xg8n-q7g9
1
vulnerability VCID-hg35-2qm4-b7h9
2
vulnerability VCID-swdd-djht-pbbh
3
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.11
aliases CVE-2024-25128, GHSA-j2pw-vp55-fqqj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2g-v8pn-nqcy
7
url VCID-swdd-djht-pbbh
vulnerability_id VCID-swdd-djht-pbbh
summary
Flask-AppBuilder's login form allows browser to cache sensitive fields
The Auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45314
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.32632
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45314
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45314
reference_id CVE-2024-45314
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45314
4
reference_url https://github.com/advisories/GHSA-fw5r-6m3x-rh7p
reference_id GHSA-fw5r-6m3x-rh7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw5r-6m3x-rh7p
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p
reference_id GHSA-fw5r-6m3x-rh7p
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.5.1
purl pkg:pypi/flask-appbuilder@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8zwq-xg8n-q7g9
1
vulnerability VCID-hg35-2qm4-b7h9
2
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.1
aliases CVE-2024-45314, GHSA-fw5r-6m3x-rh7p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swdd-djht-pbbh
8
url VCID-t22u-emet-kugw
vulnerability_id VCID-t22u-emet-kugw
summary
URL Redirection to Untrusted Site ('Open Redirect')
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24776
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57501
published_at 2026-06-04T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57553
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24776
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804/commits/5214d975ebad2ff32057443d2cc20fef1c04d0ea
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804/commits/5214d975ebad2ff32057443d2cc20fef1c04d0ea
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24776
reference_id CVE-2022-24776
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24776
6
reference_url https://github.com/advisories/GHSA-2ccw-7px8-vmpf
reference_id GHSA-2ccw-7px8-vmpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ccw-7px8-vmpf
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
reference_id GHSA-2ccw-7px8-vmpf
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.4.5
purl pkg:pypi/flask-appbuilder@3.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ek6-k8zm-97g4
1
vulnerability VCID-8zwq-xg8n-q7g9
2
vulnerability VCID-agw1-8rq2-nue5
3
vulnerability VCID-hg35-2qm4-b7h9
4
vulnerability VCID-k3kr-tvxd-73hx
5
vulnerability VCID-nc2g-v8pn-nqcy
6
vulnerability VCID-swdd-djht-pbbh
7
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.5
aliases CVE-2022-24776, GHSA-2ccw-7px8-vmpf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t22u-emet-kugw
9
url VCID-t897-gphs-wugu
vulnerability_id VCID-t897-gphs-wugu
summary
Flask App Builder has an Authentication Bypass vulnerability when using non-AUTH_DB methods
When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows a user to reset their password and continue to create JWT tokens even after the user has been disabled on the authentication provider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08565
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
reference_id CVE-2025-58065
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
6
reference_url https://github.com/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
url https://github.com/advisories/GHSA-765j-9r45-w2q2
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.8.1
purl pkg:pypi/flask-appbuilder@4.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.8.1
aliases CVE-2025-58065, GHSA-765j-9r45-w2q2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t897-gphs-wugu
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.1rc2