Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/flask-appbuilder@3.4.2rc1

Type pypi

Namespace

Name flask-appbuilder

Version 3.4.2rc1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.5.3

Latest_non_vulnerable_version 4.8.1

Affected_by_vulnerabilities

url VCID-7kd2-6yuh-9fe4

vulnerability_id VCID-7kd2-6yuh-9fe4

summary Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21659

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.57168
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21659

reference_url

https://github.com/dpgaspar/Flask-AppBuilder

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/pull/1775

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/pull/1775

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21659

reference_id

CVE-2022-21659

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21659

reference_url	https://github.com/advisories/GHSA-wfjw-w6pv-8p7f
reference_id	GHSA-wfjw-w6pv-8p7f
reference_type
scores
url	https://github.com/advisories/GHSA-wfjw-w6pv-8p7f

fixed_packages

url pkg:pypi/flask-appbuilder@3.4.2

purl pkg:pypi/flask-appbuilder@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-agw1-8rq2-nue5

vulnerability	VCID-hg35-2qm4-b7h9

vulnerability	VCID-k3kr-tvxd-73hx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.2

url pkg:pypi/flask-appbuilder@3.4.4

purl pkg:pypi/flask-appbuilder@3.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-agw1-8rq2-nue5

vulnerability	VCID-hg35-2qm4-b7h9

vulnerability	VCID-k3kr-tvxd-73hx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.4

aliases CVE-2022-21659, GHSA-wfjw-w6pv-8p7f, PYSEC-2022-24

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kd2-6yuh-9fe4

url VCID-agw1-8rq2-nue5

vulnerability_id VCID-agw1-8rq2-nue5

summary Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31177

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.57256
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31177

reference_url

https://github.com/dpgaspar/Flask-AppBuilder

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31177

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31177

fixed_packages

url pkg:pypi/flask-appbuilder@4.1.3

purl pkg:pypi/flask-appbuilder@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hg35-2qm4-b7h9

vulnerability	VCID-k3kr-tvxd-73hx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.1.3

aliases CVE-2022-31177, GHSA-32ff-4g79-vgfc, PYSEC-2022-247

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agw1-8rq2-nue5

url VCID-hg35-2qm4-b7h9

vulnerability_id VCID-hg35-2qm4-b7h9

summary Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

references

reference_url

https://github.com/dpgaspar/Flask-AppBuilder

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24023

reference_id

CVE-2025-24023

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24023

reference_url	https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
reference_id	GHSA-p8q5-cvwx-wvwp
reference_type
scores
url	https://github.com/advisories/GHSA-p8q5-cvwx-wvwp

fixed_packages

url	pkg:pypi/flask-appbuilder@4.5.3
purl	pkg:pypi/flask-appbuilder@4.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3

aliases CVE-2025-24023, GHSA-p8q5-cvwx-wvwp, PYSEC-2025-15

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hg35-2qm4-b7h9

url VCID-k3kr-tvxd-73hx

vulnerability_id VCID-k3kr-tvxd-73hx

summary Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.

references

reference_url

https://github.com/dpgaspar/Flask-AppBuilder

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/pull/2045

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/pull/2045

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2

reference_url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-34110

reference_id

CVE-2023-34110

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-34110

reference_url	https://github.com/advisories/GHSA-jhpr-j7cq-3jp3
reference_id	GHSA-jhpr-j7cq-3jp3
reference_type
scores
url	https://github.com/advisories/GHSA-jhpr-j7cq-3jp3

fixed_packages

url pkg:pypi/flask-appbuilder@4.3.2

purl pkg:pypi/flask-appbuilder@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hg35-2qm4-b7h9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.2

aliases CVE-2023-34110, GHSA-jhpr-j7cq-3jp3, PYSEC-2023-94

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3kr-tvxd-73hx

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.2rc1

Package Instance