Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/werkzeug@0.7.2

Type pypi

Namespace

Name werkzeug

Version 0.7.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.1.6

Latest_non_vulnerable_version 3.1.6

Affected_by_vulnerabilities

url VCID-2xan-3t6x-augk

vulnerability_id VCID-2xan-3t6x-augk

summary

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14806.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14806.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14806

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49553
published_at	2026-06-11T12:55:00Z

value	0.00259
scoring_system	epss
scoring_elements	0.49689
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168

reference_url

https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml

reference_url

https://palletsprojects.com/blog/werkzeug-0-15-3-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://palletsprojects.com/blog/werkzeug-0-15-3-released

reference_url	https://palletsprojects.com/blog/werkzeug-0-15-3-released/
reference_id
reference_type
scores
url	https://palletsprojects.com/blog/werkzeug-0-15-3-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1771359
reference_id	1771359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1771359

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
reference_id	940935
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14806

reference_id

CVE-2019-14806

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14806

reference_url

https://github.com/advisories/GHSA-gq9m-qvpx-68hc

reference_id

GHSA-gq9m-qvpx-68hc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gq9m-qvpx-68hc

reference_url	https://usn.ubuntu.com/4655-1/
reference_id	USN-4655-1
reference_type
scores
url	https://usn.ubuntu.com/4655-1/

fixed_packages

url pkg:pypi/werkzeug@0.15.3

purl pkg:pypi/werkzeug@0.15.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-ba3h-azsk-w7gh

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-uxg1-gcc9-zffq

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.3

aliases CVE-2019-14806, GHSA-gq9m-qvpx-68hc, PYSEC-2019-140

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xan-3t6x-augk

url VCID-8nxt-dhqc-fbda

vulnerability_id VCID-8nxt-dhqc-fbda

summary Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html

reference_url	https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168
reference_id
reference_type
scores
url	https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168

reference_url	https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
reference_id
reference_type
scores
url	https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246

reference_url	https://palletsprojects.com/blog/werkzeug-0-15-3-released/
reference_id
reference_type
scores
url	https://palletsprojects.com/blog/werkzeug-0-15-3-released/

fixed_packages

url pkg:pypi/werkzeug@0.15.3

purl pkg:pypi/werkzeug@0.15.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-ba3h-azsk-w7gh

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-uxg1-gcc9-zffq

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.3

aliases PYSEC-2019-70

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nxt-dhqc-fbda

url VCID-93gv-5paq-u3fp

vulnerability_id VCID-93gv-5paq-u3fp

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34069.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34069.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34069

reference_id

reference_type

scores

value	0.4365
scoring_system	epss
scoring_elements	0.97604
published_at	2026-06-11T12:55:00Z

value	0.4365
scoring_system	epss
scoring_elements	0.97612
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34069

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00026.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ

reference_url

https://security.netapp.com/advisory/ntap-20240614-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240614-0004

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070711
reference_id	1070711
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070711

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2279451
reference_id	2279451
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2279451

reference_url

https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692

reference_id

3386395b24c7371db11a5b8eaac0c91da5362692

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/

url

https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-34069

reference_id

CVE-2024-34069

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-34069

reference_url

https://github.com/advisories/GHSA-2g68-c3qc-8985

reference_id

GHSA-2g68-c3qc-8985

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2g68-c3qc-8985

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985

reference_id

GHSA-2g68-c3qc-8985

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/

reference_id

H4SH32AM3CTPMAAEOIDAN7VU565LO4IR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/

reference_id

HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ/

reference_url

https://security.netapp.com/advisory/ntap-20240614-0004/

reference_id

ntap-20240614-0004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T19:54:35Z/

url

https://security.netapp.com/advisory/ntap-20240614-0004/

reference_url	https://access.redhat.com/errata/RHSA-2024:10696
reference_id	RHSA-2024:10696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10696

reference_url	https://access.redhat.com/errata/RHSA-2024:5107
reference_id	RHSA-2024:5107
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5107

reference_url	https://access.redhat.com/errata/RHSA-2024:5810
reference_id	RHSA-2024:5810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5810

reference_url	https://access.redhat.com/errata/RHSA-2024:6016
reference_id	RHSA-2024:6016
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6016

reference_url	https://access.redhat.com/errata/RHSA-2024:6406
reference_id	RHSA-2024:6406
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6406

reference_url	https://access.redhat.com/errata/RHSA-2024:9975
reference_id	RHSA-2024:9975
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9975

reference_url	https://access.redhat.com/errata/RHSA-2024:9976
reference_id	RHSA-2024:9976
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9976

reference_url	https://access.redhat.com/errata/RHSA-2025:4664
reference_id	RHSA-2025:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4664

reference_url	https://access.redhat.com/errata/RHSA-2025:9340
reference_id	RHSA-2025:9340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9340

reference_url	https://usn.ubuntu.com/6799-1/
reference_id	USN-6799-1
reference_type
scores
url	https://usn.ubuntu.com/6799-1/

fixed_packages

url pkg:pypi/werkzeug@3.0.3

purl pkg:pypi/werkzeug@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.0.3

aliases CVE-2024-34069, GHSA-2g68-c3qc-8985

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93gv-5paq-u3fp

url VCID-ba3h-azsk-w7gh

vulnerability_id VCID-ba3h-azsk-w7gh

summary In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.

references

reference_url

http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14322

reference_id

reference_type

scores

value	0.90059
scoring_system	epss
scoring_elements	0.99603
published_at	2026-06-11T12:55:00Z

value	0.90059
scoring_system	epss
scoring_elements	0.99604
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14322

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14322

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14322

reference_url

https://palletsprojects.com/blog/werkzeug-0-15-5-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://palletsprojects.com/blog/werkzeug-0-15-5-released

reference_url	https://palletsprojects.com/blog/werkzeug-0-15-5-released/
reference_id
reference_type
scores
url	https://palletsprojects.com/blog/werkzeug-0-15-5-released/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50101.py
reference_id	CVE-2019-14322
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/50101.py

fixed_packages

url pkg:pypi/werkzeug@0.15.5

purl pkg:pypi/werkzeug@0.15.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-uxg1-gcc9-zffq

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.15.5

aliases CVE-2019-14322, GHSA-j544-7q9p-6xp8

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba3h-azsk-w7gh

url VCID-cmva-y13q-1ybm

vulnerability_id VCID-cmva-y13q-1ybm

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49766.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49766.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-49766

reference_id

reference_type

scores

value	0.01392
scoring_system	epss
scoring_elements	0.80789
published_at	2026-06-11T12:55:00Z

value	0.01392
scoring_system	epss
scoring_elements	0.80849
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-49766

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-49766

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-49766

reference_url

https://security.netapp.com/advisory/ntap-20250131-0005

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250131-0005

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2321828
reference_id	2321828
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2321828

reference_url

https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092

reference_id

2767bcb10a7dd1c297d812cc5e6d11a474c1f092

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T20:08:46Z/

url

https://github.com/pallets/werkzeug/commit/2767bcb10a7dd1c297d812cc5e6d11a474c1f092

reference_url

https://github.com/pallets/werkzeug/releases/tag/3.0.6

reference_id

3.0.6

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T20:08:46Z/

url

https://github.com/pallets/werkzeug/releases/tag/3.0.6

reference_url	https://github.com/advisories/GHSA-f9vj-2wh5-fj8j
reference_id	GHSA-f9vj-2wh5-fj8j
reference_type
scores
url	https://github.com/advisories/GHSA-f9vj-2wh5-fj8j

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j

reference_id

GHSA-f9vj-2wh5-fj8j

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T20:08:46Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-f9vj-2wh5-fj8j

fixed_packages

url pkg:pypi/werkzeug@3.0.6

purl pkg:pypi/werkzeug@3.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.0.6

aliases CVE-2024-49766, GHSA-f9vj-2wh5-fj8j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmva-y13q-1ybm

url VCID-fb7f-fgur-kyeq

vulnerability_id VCID-fb7f-fgur-kyeq

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28724.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28724.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28724

reference_id

reference_type

scores

value	0.00917
scoring_system	epss
scoring_elements	0.76455
published_at	2026-06-12T12:55:00Z

value	0.00917
scoring_system	epss
scoring_elements	0.76385
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28724

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-3p3h-qghp-hvh2

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3p3h-qghp-hvh2

reference_url

https://github.com/pallets/flask/issues/1639

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/flask/issues/1639

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/issues/822

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/issues/822

reference_url

https://github.com/pallets/werkzeug/pull/890/files

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/pull/890/files

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2020-157.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28724

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28724

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1899267
reference_id	1899267
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1899267

reference_url	https://usn.ubuntu.com/4655-1/
reference_id	USN-4655-1
reference_type
scores
url	https://usn.ubuntu.com/4655-1/

fixed_packages

url pkg:pypi/werkzeug@0.11.6

purl pkg:pypi/werkzeug@0.11.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xan-3t6x-augk

vulnerability	VCID-8nxt-dhqc-fbda

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-ba3h-azsk-w7gh

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-jrpy-g6bn-ukag

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-uxg1-gcc9-zffq

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.11.6

aliases CVE-2020-28724, GHSA-3p3h-qghp-hvh2, PYSEC-2020-157

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb7f-fgur-kyeq

url VCID-jrpy-g6bn-ukag

vulnerability_id VCID-jrpy-g6bn-ukag

summary

references

reference_url

http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger

reference_url	http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
reference_id
reference_type
scores
url	http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10516.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10516

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61902
published_at	2026-06-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61802
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-h2fp-xgx6-xh6f

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h2fp-xgx6-xh6f

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65

reference_url

https://github.com/pallets/werkzeug/pull/1001

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/pull/1001

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2017-43.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00037.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10516

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10516

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1512102
reference_id	1512102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1512102

reference_url	https://usn.ubuntu.com/3463-1/
reference_id	USN-3463-1
reference_type
scores
url	https://usn.ubuntu.com/3463-1/

fixed_packages

url pkg:pypi/werkzeug@0.11.11

purl pkg:pypi/werkzeug@0.11.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xan-3t6x-augk

vulnerability	VCID-8nxt-dhqc-fbda

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-ba3h-azsk-w7gh

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-uxg1-gcc9-zffq

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.11.11

aliases CVE-2016-10516, GHSA-h2fp-xgx6-xh6f, PYSEC-2017-43

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrpy-g6bn-ukag

url VCID-mhnk-74gt-jkh7

vulnerability_id VCID-mhnk-74gt-jkh7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23934

reference_id

reference_type

scores

value	0.00267
scoring_system	epss
scoring_elements	0.50442
published_at	2026-06-11T12:55:00Z

value	0.00267
scoring_system	epss
scoring_elements	0.50576
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-57.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-23934

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23934

reference_url

https://security.netapp.com/advisory/ntap-20230818-0003

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0003

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id	1031370
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170243
reference_id	2170243
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170243

reference_url

https://github.com/pallets/werkzeug/releases/tag/2.2.3

reference_id

2.2.3

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/

url

https://github.com/pallets/werkzeug/releases/tag/2.2.3

reference_url

https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028

reference_id

cf275f42acad1b5950c50ffe8ef58fe62cdce028

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/

url

https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028

reference_url

https://www.debian.org/security/2023/dsa-5470

reference_id

dsa-5470

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/

url

https://www.debian.org/security/2023/dsa-5470

reference_url

https://github.com/advisories/GHSA-px8h-6qxv-m22q

reference_id

GHSA-px8h-6qxv-m22q

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-px8h-6qxv-m22q

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

reference_id

GHSA-px8h-6qxv-m22q

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

reference_url

https://security.netapp.com/advisory/ntap-20230818-0003/

reference_id

ntap-20230818-0003

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:36Z/

url

https://security.netapp.com/advisory/ntap-20230818-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:1018
reference_id	RHSA-2023:1018
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1018

reference_url	https://access.redhat.com/errata/RHSA-2025:4664
reference_id	RHSA-2025:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4664

reference_url	https://access.redhat.com/errata/RHSA-2025:9775
reference_id	RHSA-2025:9775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9775

reference_url	https://usn.ubuntu.com/5948-1/
reference_id	USN-5948-1
reference_type
scores
url	https://usn.ubuntu.com/5948-1/

reference_url	https://usn.ubuntu.com/5948-2/
reference_id	USN-5948-2
reference_type
scores
url	https://usn.ubuntu.com/5948-2/

fixed_packages

url pkg:pypi/werkzeug@2.2.3

purl pkg:pypi/werkzeug@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.2.3

aliases CVE-2023-23934, GHSA-px8h-6qxv-m22q, PYSEC-2023-57

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhnk-74gt-jkh7

url VCID-mv8v-yf83-f7hz

vulnerability_id VCID-mv8v-yf83-f7hz

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46136.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46136

reference_id

reference_type

scores

value	0.00877
scoring_system	epss
scoring_elements	0.75747
published_at	2026-06-11T12:55:00Z

value	0.00877
scoring_system	epss
scoring_elements	0.75818
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46136

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1

reference_url

https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/cbb446fdcada7685fce936ded01b76c08dbd6eb5

reference_url

https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9

reference_url

https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46136

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46136

reference_url

https://security.netapp.com/advisory/ntap-20231124-0008

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231124-0008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553
reference_id	1054553
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054553

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246310
reference_id	2246310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246310

reference_url

https://github.com/advisories/GHSA-hrfv-mqp8-q5rw

reference_id

GHSA-hrfv-mqp8-q5rw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hrfv-mqp8-q5rw

reference_url	https://access.redhat.com/errata/RHSA-2023:7473
reference_id	RHSA-2023:7473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7473

reference_url	https://access.redhat.com/errata/RHSA-2023:7477
reference_id	RHSA-2023:7477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7477

reference_url	https://access.redhat.com/errata/RHSA-2023:7610
reference_id	RHSA-2023:7610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7610

reference_url	https://access.redhat.com/errata/RHSA-2024:0189
reference_id	RHSA-2024:0189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0189

reference_url	https://access.redhat.com/errata/RHSA-2024:0214
reference_id	RHSA-2024:0214
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0214

reference_url	https://access.redhat.com/errata/RHSA-2025:9775
reference_id	RHSA-2025:9775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9775

fixed_packages

url pkg:pypi/werkzeug@2.3.8

purl pkg:pypi/werkzeug@2.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.3.8

url pkg:pypi/werkzeug@3.0.1

purl pkg:pypi/werkzeug@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.0.1

aliases CVE-2023-46136, GHSA-hrfv-mqp8-q5rw, PYSEC-2023-221

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv8v-yf83-f7hz

url VCID-paz3-8jzs-j3bc

vulnerability_id VCID-paz3-8jzs-j3bc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25577

reference_id

reference_type

scores

value	0.00366
scoring_system	epss
scoring_elements	0.59012
published_at	2026-06-11T12:55:00Z

value	0.00366
scoring_system	epss
scoring_elements	0.59124
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25577

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-58.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25577

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25577

reference_url

https://security.netapp.com/advisory/ntap-20230818-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230818-0003

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370
reference_id	1031370
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031370

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2170242
reference_id	2170242
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2170242

reference_url

https://github.com/pallets/werkzeug/releases/tag/2.2.3

reference_id

2.2.3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/

url

https://github.com/pallets/werkzeug/releases/tag/2.2.3

reference_url

https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1

reference_id

517cac5a804e8c4dc4ed038bb20dacd038e7a9f1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/

url

https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1

reference_url

https://www.debian.org/security/2023/dsa-5470

reference_id

dsa-5470

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/

url

https://www.debian.org/security/2023/dsa-5470

reference_url

https://github.com/advisories/GHSA-xg9f-g7g7-2323

reference_id

GHSA-xg9f-g7g7-2323

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xg9f-g7g7-2323

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

reference_id

GHSA-xg9f-g7g7-2323

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323

reference_url

https://security.netapp.com/advisory/ntap-20230818-0003/

reference_id

ntap-20230818-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:37Z/

url

https://security.netapp.com/advisory/ntap-20230818-0003/

reference_url	https://access.redhat.com/errata/RHSA-2023:1018
reference_id	RHSA-2023:1018
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1018

reference_url	https://access.redhat.com/errata/RHSA-2023:1281
reference_id	RHSA-2023:1281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1281

reference_url	https://access.redhat.com/errata/RHSA-2023:1325
reference_id	RHSA-2023:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1325

reference_url	https://access.redhat.com/errata/RHSA-2023:7341
reference_id	RHSA-2023:7341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7341

reference_url	https://access.redhat.com/errata/RHSA-2023:7473
reference_id	RHSA-2023:7473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7473

reference_url	https://access.redhat.com/errata/RHSA-2025:4664
reference_id	RHSA-2025:4664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4664

reference_url	https://access.redhat.com/errata/RHSA-2025:9775
reference_id	RHSA-2025:9775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9775

reference_url	https://usn.ubuntu.com/5948-1/
reference_id	USN-5948-1
reference_type
scores
url	https://usn.ubuntu.com/5948-1/

reference_url	https://usn.ubuntu.com/5948-2/
reference_id	USN-5948-2
reference_type
scores
url	https://usn.ubuntu.com/5948-2/

fixed_packages

url pkg:pypi/werkzeug@2.2.3

purl pkg:pypi/werkzeug@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.2.3

aliases CVE-2023-25577, GHSA-xg9f-g7g7-2323, PYSEC-2023-58

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-paz3-8jzs-j3bc

url VCID-qbsa-4jw1-8fa3

vulnerability_id VCID-qbsa-4jw1-8fa3

summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66221.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66221

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.1312
published_at	2026-06-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13023
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66221

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2417789
reference_id	2417789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2417789

reference_url

https://github.com/pallets/werkzeug/releases/tag/3.1.4

reference_id

3.1.4

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T15:35:05Z/

url

https://github.com/pallets/werkzeug/releases/tag/3.1.4

reference_url

https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13

reference_id

4b833376a45c323a189cd11d2362bcffdb1c0c13

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T15:35:05Z/

url

https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66221

reference_id

CVE-2025-66221

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66221

reference_url

https://github.com/advisories/GHSA-hgf8-39gv-g3f2

reference_id

GHSA-hgf8-39gv-g3f2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgf8-39gv-g3f2

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2

reference_id

GHSA-hgf8-39gv-g3f2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T15:35:05Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2

fixed_packages

url pkg:pypi/werkzeug@3.1.4

purl pkg:pypi/werkzeug@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.1.4

aliases CVE-2025-66221, GHSA-hgf8-39gv-g3f2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbsa-4jw1-8fa3

url VCID-tvm8-k2r7-vqev

vulnerability_id VCID-tvm8-k2r7-vqev

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-21860

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06737
published_at	2026-06-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06757
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-21860

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3

reference_id

7ae1d254e04a0c33e241ac1cca4783ce6c875ca3

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T18:50:24Z/

url

https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-21860

reference_id

CVE-2026-21860

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-21860

reference_url

https://github.com/advisories/GHSA-87hc-h4r5-73f7

reference_id

GHSA-87hc-h4r5-73f7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-87hc-h4r5-73f7

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7

reference_id

GHSA-87hc-h4r5-73f7

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T18:50:24Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7

fixed_packages

url pkg:pypi/werkzeug@3.1.5

purl pkg:pypi/werkzeug@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.1.5

aliases CVE-2026-21860, GHSA-87hc-h4r5-73f7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvm8-k2r7-vqev

url VCID-uxg1-gcc9-zffq

vulnerability_id VCID-uxg1-gcc9-zffq

summary ** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29361.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29361.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29361

reference_id

reference_type

scores

value	0.31113
scoring_system	epss
scoring_elements	0.96865
published_at	2026-06-11T12:55:00Z

value	0.31113
scoring_system	epss
scoring_elements	0.96876
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29361

reference_url	https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85
reference_id
reference_type
scores
url	https://github.com/pallets/werkzeug/commit/9a3a981d70d2e9ec3344b5192f86fcaf3210cd85

reference_url	https://github.com/pallets/werkzeug/issues/2420
reference_id
reference_type
scores
url	https://github.com/pallets/werkzeug/issues/2420

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253045
reference_id	2253045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253045

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29361
reference_id	CVE-2022-29361
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29361

fixed_packages

url pkg:pypi/werkzeug@2.1.1

purl pkg:pypi/werkzeug@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-93gv-5paq-u3fp

vulnerability	VCID-cmva-y13q-1ybm

vulnerability	VCID-h59y-hb7x-rqeu

vulnerability	VCID-mhnk-74gt-jkh7

vulnerability	VCID-mv8v-yf83-f7hz

vulnerability	VCID-paz3-8jzs-j3bc

vulnerability	VCID-qbsa-4jw1-8fa3

vulnerability	VCID-tvm8-k2r7-vqev

vulnerability	VCID-vkcd-2wzg-9kgf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@2.1.1

aliases CVE-2022-29361, PYSEC-2022-203

risk_score 0.1

exploitability 0.5

weighted_severity 0.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxg1-gcc9-zffq

url VCID-vkcd-2wzg-9kgf

vulnerability_id VCID-vkcd-2wzg-9kgf

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27199

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.08313
published_at	2026-06-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08274
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27199

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pallets/werkzeug

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pallets/werkzeug

reference_url

https://github.com/pallets/werkzeug/releases/tag/3.1.6

reference_id

3.1.6

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:02:05Z/

url

https://github.com/pallets/werkzeug/releases/tag/3.1.6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27199

reference_id

CVE-2026-27199

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27199

reference_url

https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d

reference_id

f407712fdc60a09c2b3f4fe7db557703e5d9338d

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:02:05Z/

url

https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d

reference_url

https://github.com/advisories/GHSA-29vq-49wr-vm6x

reference_id

GHSA-29vq-49wr-vm6x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29vq-49wr-vm6x

reference_url

https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x

reference_id

GHSA-29vq-49wr-vm6x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T19:02:05Z/

url

https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x

fixed_packages

url	pkg:pypi/werkzeug@3.1.6
purl	pkg:pypi/werkzeug@3.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@3.1.6

aliases CVE-2026-27199, GHSA-29vq-49wr-vm6x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkcd-2wzg-9kgf

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/werkzeug@0.7.2

Package Instance