Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/44432?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/44432?format=api", "purl": "pkg:pypi/flask-appbuilder@4.3.11", "type": "pypi", "namespace": "", "name": "flask-appbuilder", "version": "4.3.11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.8.1", "latest_non_vulnerable_version": "4.8.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57305?format=api", "vulnerability_id": "VCID-8zwq-xg8n-q7g9", "summary": "Flask-AppBuilder open redirect vulnerability using HTTP host injection\nFlask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41834", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32962" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32962", "reference_id": "CVE-2025-32962", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32962" }, { "reference_url": "https://github.com/advisories/GHSA-99pm-ch96-ccp2", "reference_id": "GHSA-99pm-ch96-ccp2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-99pm-ch96-ccp2" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2", "reference_id": "GHSA-99pm-ch96-ccp2", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85150?format=api", "purl": "pkg:pypi/flask-appbuilder@4.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t897-gphs-wugu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.6.2" } ], "aliases": [ "CVE-2025-32962", "GHSA-99pm-ch96-ccp2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zwq-xg8n-q7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36980?format=api", "vulnerability_id": "VCID-hg35-2qm4-b7h9", "summary": "Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24023" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T18:41:12Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24023", "reference_id": "CVE-2025-24023", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24023" }, { "reference_url": "https://github.com/advisories/GHSA-p8q5-cvwx-wvwp", "reference_id": "GHSA-p8q5-cvwx-wvwp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p8q5-cvwx-wvwp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44444?format=api", "purl": "pkg:pypi/flask-appbuilder@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zwq-xg8n-q7g9" }, { "vulnerability": "VCID-t897-gphs-wugu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3" } ], "aliases": [ "CVE-2025-24023", "GHSA-p8q5-cvwx-wvwp", "PYSEC-2025-15" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hg35-2qm4-b7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55778?format=api", "vulnerability_id": "VCID-swdd-djht-pbbh", "summary": "Flask-AppBuilder's login form allows browser to cache sensitive fields\nAuth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32632", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45314" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45314", "reference_id": "CVE-2024-45314", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45314" }, { "reference_url": "https://github.com/advisories/GHSA-fw5r-6m3x-rh7p", "reference_id": "GHSA-fw5r-6m3x-rh7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw5r-6m3x-rh7p" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p", "reference_id": "GHSA-fw5r-6m3x-rh7p", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44440?format=api", "purl": "pkg:pypi/flask-appbuilder@4.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zwq-xg8n-q7g9" }, { "vulnerability": "VCID-hg35-2qm4-b7h9" }, { "vulnerability": "VCID-t897-gphs-wugu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.1" } ], "aliases": [ "CVE-2024-45314", "GHSA-fw5r-6m3x-rh7p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swdd-djht-pbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58166?format=api", "vulnerability_id": "VCID-t897-gphs-wugu", "summary": "Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods\nWhen Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08565", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58065" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/2384", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/pull/2384" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58065", "reference_id": "CVE-2025-58065", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58065" }, { "reference_url": "https://github.com/advisories/GHSA-765j-9r45-w2q2", "reference_id": "GHSA-765j-9r45-w2q2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-765j-9r45-w2q2" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2", "reference_id": "GHSA-765j-9r45-w2q2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86568?format=api", "purl": "pkg:pypi/flask-appbuilder@4.8.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.8.1" } ], "aliases": [ "CVE-2025-58065", "GHSA-765j-9r45-w2q2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t897-gphs-wugu" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47145?format=api", "vulnerability_id": "VCID-nc2g-v8pn-nqcy", "summary": "Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID\n### Impact\nWhen Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. \n\nThis vulnerability is only exploitable when the application is using the old (deprecated 10 years ago) OpenID 2.0 authorization protocol (which is very different from the popular OIDC - Open ID Connect - popular protocol used today). Currently, this protocol is regarded as legacy, with significantly reduced usage and not supported for several years by major authorization providers.\n\n### Patches\nUpgrade to Flask-AppBuilder 4.3.11\n\n### Workarounds\nIf upgrade is not possible add the following to your config:\n\n```\nfrom flask import flash, redirect\nfrom flask_appbuilder import expose\nfrom flask_appbuilder.security.sqla.manager import SecurityManager\nfrom flask_appbuilder.security.views import AuthOIDView\nfrom flask_appbuilder.security.forms import LoginForm_oid\n\nbasedir = os.path.abspath(os.path.dirname(__file__))\n\n\nclass FixedOIDView(AuthOIDView):\n @expose(\"/login/\", methods=[\"GET\", \"POST\"])\n def login(self, flag=True):\n form = LoginForm_oid()\n if form.validate_on_submit():\n identity_url = None\n for provider in self.appbuilder.sm.openid_providers:\n if provider.get(\"url\") == form.openid.data:\n identity_url = form.openid.data\n if identity_url is None:\n flash(self.invalid_login_message, \"warning\")\n return redirect(self.appbuilder.get_url_for_login)\n return super().login(flag=flag)\n\nclass FixedSecurityManager(SecurityManager):\n authoidview = FixedOIDView\n\n\nFAB_SECURITY_MANAGER_CLASS = \"config.FixedSecurityManager\"\n```", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0096", "scoring_system": "epss", "scoring_elements": "0.76856", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25128" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25128", "reference_id": "CVE-2024-25128", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25128" }, { "reference_url": "https://github.com/advisories/GHSA-j2pw-vp55-fqqj", "reference_id": "GHSA-j2pw-vp55-fqqj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j2pw-vp55-fqqj" }, { "reference_url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj", "reference_id": "GHSA-j2pw-vp55-fqqj", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/" } ], "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44432?format=api", "purl": "pkg:pypi/flask-appbuilder@4.3.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zwq-xg8n-q7g9" }, { "vulnerability": "VCID-hg35-2qm4-b7h9" }, { "vulnerability": "VCID-swdd-djht-pbbh" }, { "vulnerability": "VCID-t897-gphs-wugu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.11" } ], "aliases": [ "CVE-2024-25128", "GHSA-j2pw-vp55-fqqj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2g-v8pn-nqcy" } ], "risk_score": "2.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.11" }