Search for packages
| purl | pkg:pypi/flask-appbuilder@4.2.1rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hg35-2qm4-b7h9
Aliases: CVE-2025-24023 GHSA-p8q5-cvwx-wvwp PYSEC-2025-15 |
Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3. |
Affected by 0 other vulnerabilities. |
|
VCID-k3kr-tvxd-73hx
Aliases: CVE-2023-34110 GHSA-jhpr-j7cq-3jp3 PYSEC-2023-94 |
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:22:49.480379+00:00 | Pypa Importer | Affected by | VCID-hg35-2qm4-b7h9 | https://github.com/pypa/advisory-database/blob/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml | 38.6.0 |
| 2026-06-02T04:18:58.022625+00:00 | Pypa Importer | Affected by | VCID-k3kr-tvxd-73hx | https://github.com/pypa/advisory-database/blob/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml | 38.6.0 |