Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/flask-appbuilder@0.1.45
Type pypi
Namespace
Name flask-appbuilder
Version 0.1.45
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.8.1
Latest_non_vulnerable_version 4.8.1
Affected_by_vulnerabilities
0
url VCID-23ud-tv73-xka1
vulnerability_id VCID-23ud-tv73-xka1
summary Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` configuration variable, which allows administrators to explicitly define which domains are considered safe for redirection. As a workaround, use a reverse proxy to enforce trusted host headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41844
published_at 2026-06-11T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.42008
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_id 32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
4
reference_url https://github.com/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
url https://github.com/advisories/GHSA-99pm-ch96-ccp2
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.6.2
purl pkg:pypi/flask-appbuilder@4.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ab-mbsc-97ft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.6.2
aliases CVE-2025-32962, GHSA-99pm-ch96-ccp2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23ud-tv73-xka1
1
url VCID-9n39-xnrs-5ugj
vulnerability_id VCID-9n39-xnrs-5ugj
summary Improper Authentication in Flask-AppBuilder
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41265
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56184
published_at 2026-06-11T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56304
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41265
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-851.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-851.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41265
reference_id CVE-2021-41265
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41265
6
reference_url https://github.com/advisories/GHSA-m3rf-7m4w-r66q
reference_id GHSA-m3rf-7m4w-r66q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3rf-7m4w-r66q
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
reference_id GHSA-m3rf-7m4w-r66q
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.3.4
purl pkg:pypi/flask-appbuilder@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-bnzc-sjpx-g3g1
3
vulnerability VCID-ghuk-3ydf-q7gb
4
vulnerability VCID-kdgq-nm95-j7h7
5
vulnerability VCID-m7g1-s5eg-vkc8
6
vulnerability VCID-mucc-yt4c-afh5
7
vulnerability VCID-qcqd-7xqt-jkew
8
vulnerability VCID-wrnn-ykhq-gqhg
9
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.3.4
aliases CVE-2021-41265, GHSA-m3rf-7m4w-r66q, PYSEC-2021-851
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9n39-xnrs-5ugj
2
url VCID-b1ab-mbsc-97ft
vulnerability_id VCID-b1ab-mbsc-97ft
summary Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider. Users should upgrade to Flask-AppBuilder version 4.8.1 or later to receive a fix. If immediate upgrade is not possible, manually disable password reset routes in the application configuration; implement additional access controls at the web server or proxy level to block access to the reset my password URL; and/or monitor for suspicious password reset attempts from disabled accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08797
published_at 2026-06-11T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08838
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
reference_id 2384
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_id a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
5
reference_url https://github.com/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
url https://github.com/advisories/GHSA-765j-9r45-w2q2
6
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
reference_id v4.8.1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.8.1
purl pkg:pypi/flask-appbuilder@4.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.8.1
aliases CVE-2025-58065, GHSA-765j-9r45-w2q2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1ab-mbsc-97ft
3
url VCID-bnzc-sjpx-g3g1
vulnerability_id VCID-bnzc-sjpx-g3g1
summary Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows an unauthenticated user to enumerate existing accounts by timing the server's response to login attempts. Users are advised to upgrade to version 3.4.4 as soon as possible. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21659
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57293
published_at 2026-06-11T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57411
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21659
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commits/v3.4.4
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-24.yaml
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
reference_id 1775
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:44:49Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21659
reference_id CVE-2022-21659
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21659
7
reference_url https://github.com/advisories/GHSA-wfjw-w6pv-8p7f
reference_id GHSA-wfjw-w6pv-8p7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wfjw-w6pv-8p7f
8
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
reference_id GHSA-wfjw-w6pv-8p7f
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:44:49Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.4.2
purl pkg:pypi/flask-appbuilder@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-bnzc-sjpx-g3g1
3
vulnerability VCID-ghuk-3ydf-q7gb
4
vulnerability VCID-kdgq-nm95-j7h7
5
vulnerability VCID-m7g1-s5eg-vkc8
6
vulnerability VCID-mucc-yt4c-afh5
7
vulnerability VCID-qcqd-7xqt-jkew
8
vulnerability VCID-wrnn-ykhq-gqhg
9
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.2
1
url pkg:pypi/flask-appbuilder@3.4.4
purl pkg:pypi/flask-appbuilder@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-ghuk-3ydf-q7gb
3
vulnerability VCID-kdgq-nm95-j7h7
4
vulnerability VCID-m7g1-s5eg-vkc8
5
vulnerability VCID-mucc-yt4c-afh5
6
vulnerability VCID-qcqd-7xqt-jkew
7
vulnerability VCID-wrnn-ykhq-gqhg
8
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.4
aliases CVE-2022-21659, GHSA-wfjw-w6pv-8p7f, PYSEC-2022-24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnzc-sjpx-g3g1
4
url VCID-devu-xx2s-h3fh
vulnerability_id VCID-devu-xx2s-h3fh
summary Flask-AppBuilder is a development framework, built on top of Flask. Flask-AppBuilder <= 3.2.3 has a user enumeration vulnerability in database authentication: an unauthenticated user can enumerate existing accounts by timing the server's response to login attempts. Upgrade to version 3.3.0 or higher to resolve.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29621
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62946
published_at 2026-06-11T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.63048
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29621
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-90.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-90.yaml
5
reference_url https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29621
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29621
12
reference_url https://pypi.org/project/Flask-AppBuilder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Flask-AppBuilder
13
reference_url https://pypi.org/project/Flask-AppBuilder/
reference_id
reference_type
scores
url https://pypi.org/project/Flask-AppBuilder/
14
reference_url https://github.com/advisories/GHSA-434h-p4gx-jm89
reference_id GHSA-434h-p4gx-jm89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-434h-p4gx-jm89
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.3.0
purl pkg:pypi/flask-appbuilder@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-9n39-xnrs-5ugj
2
vulnerability VCID-b1ab-mbsc-97ft
3
vulnerability VCID-bnzc-sjpx-g3g1
4
vulnerability VCID-ghuk-3ydf-q7gb
5
vulnerability VCID-hzbn-cpej-y3bc
6
vulnerability VCID-kdgq-nm95-j7h7
7
vulnerability VCID-m7g1-s5eg-vkc8
8
vulnerability VCID-mucc-yt4c-afh5
9
vulnerability VCID-qcqd-7xqt-jkew
10
vulnerability VCID-wrnn-ykhq-gqhg
11
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.3.0
aliases BIT-airflow-2021-29621, CVE-2021-29621, GHSA-434h-p4gx-jm89, PYSEC-2021-90
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-devu-xx2s-h3fh
5
url VCID-ghuk-3ydf-q7gb
vulnerability_id VCID-ghuk-3ydf-q7gb
summary Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add and edit User forms; this error is surfaced back to the actor in the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34110
reference_id
reference_type
scores
0
value 0.00472
scoring_system epss
scoring_elements 0.6519
published_at 2026-06-12T12:55:00Z
1
value 0.00472
scoring_system epss
scoring_elements 0.65089
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34110
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2023-94.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34110
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34110
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2045
reference_id 2045
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2045
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626
reference_id ae25ad4c87a9051ebe4a4e8f02aee73232642626
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626
6
reference_url https://github.com/advisories/GHSA-jhpr-j7cq-3jp3
reference_id GHSA-jhpr-j7cq-3jp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jhpr-j7cq-3jp3
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
reference_id GHSA-jhpr-j7cq-3jp3
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
8
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2
reference_id v4.3.2
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T15:28:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.2
purl pkg:pypi/flask-appbuilder@4.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-m7g1-s5eg-vkc8
3
vulnerability VCID-qcqd-7xqt-jkew
4
vulnerability VCID-wrnn-ykhq-gqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.2
aliases CVE-2023-34110, GHSA-jhpr-j7cq-3jp3, PYSEC-2023-94
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghuk-3ydf-q7gb
6
url VCID-hzbn-cpej-y3bc
vulnerability_id VCID-hzbn-cpej-y3bc
summary Flask-AppBuilder is an application development framework built on top of Flask. In affected versions, if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder; this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue, upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible, users may, as a workaround, filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32805
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40612
published_at 2026-06-11T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.4078
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32805
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.2
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-359.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-359.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32805
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32805
7
reference_url https://pypi.org/project/Flask-AppBuilder
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Flask-AppBuilder
8
reference_url https://github.com/advisories/GHSA-624f-cqvr-3qw4
reference_id GHSA-624f-cqvr-3qw4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-624f-cqvr-3qw4
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.3.2
purl pkg:pypi/flask-appbuilder@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-9n39-xnrs-5ugj
2
vulnerability VCID-b1ab-mbsc-97ft
3
vulnerability VCID-bnzc-sjpx-g3g1
4
vulnerability VCID-ghuk-3ydf-q7gb
5
vulnerability VCID-kdgq-nm95-j7h7
6
vulnerability VCID-m7g1-s5eg-vkc8
7
vulnerability VCID-mucc-yt4c-afh5
8
vulnerability VCID-qcqd-7xqt-jkew
9
vulnerability VCID-wrnn-ykhq-gqhg
10
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.3.2
aliases CVE-2021-32805, GHSA-624f-cqvr-3qw4, PYSEC-2021-359
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzbn-cpej-y3bc
7
url VCID-kdgq-nm95-j7h7
vulnerability_id VCID-kdgq-nm95-j7h7
summary Flask-AppBuilder is an application development framework built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using the database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24776
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57751
published_at 2026-06-12T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57635
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24776
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804/commits/5214d975ebad2ff32057443d2cc20fef1c04d0ea
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804/commits/5214d975ebad2ff32057443d2cc20fef1c04d0ea
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
reference_id 1804
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24776
reference_id CVE-2022-24776
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24776
5
reference_url https://github.com/advisories/GHSA-2ccw-7px8-vmpf
reference_id GHSA-2ccw-7px8-vmpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ccw-7px8-vmpf
6
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
reference_id GHSA-2ccw-7px8-vmpf
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5
reference_id v3.4.5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.4.5
fixed_packages
0
url pkg:pypi/flask-appbuilder@3.4.5
purl pkg:pypi/flask-appbuilder@3.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-ghuk-3ydf-q7gb
3
vulnerability VCID-m7g1-s5eg-vkc8
4
vulnerability VCID-mucc-yt4c-afh5
5
vulnerability VCID-qcqd-7xqt-jkew
6
vulnerability VCID-wrnn-ykhq-gqhg
7
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@3.4.5
aliases CVE-2022-24776, GHSA-2ccw-7px8-vmpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdgq-nm95-j7h7
8
url VCID-m7g1-s5eg-vkc8
vulnerability_id VCID-m7g1-s5eg-vkc8
summary Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66716
published_at 2026-06-12T12:55:00Z
1
value 0.00504
scoring_system epss
scoring_elements 0.66623
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
4
reference_url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
reference_id GHSA-p8q5-cvwx-wvwp
reference_type
scores
url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
reference_id GHSA-p8q5-cvwx-wvwp
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T18:41:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.5.3
purl pkg:pypi/flask-appbuilder@4.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3
aliases CVE-2025-24023, GHSA-p8q5-cvwx-wvwp, PYSEC-2025-15
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7g1-s5eg-vkc8
9
url VCID-mucc-yt4c-afh5
vulnerability_id VCID-mucc-yt4c-afh5
summary Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3, an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31177
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57382
published_at 2026-06-11T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.64284
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31177
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2022-247.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31177
reference_id CVE-2022-31177
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31177
4
reference_url https://github.com/advisories/GHSA-32ff-4g79-vgfc
reference_id GHSA-32ff-4g79-vgfc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32ff-4g79-vgfc
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
reference_id GHSA-32ff-4g79-vgfc
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:57Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
6
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
reference_id v4.1.3
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:02:57Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.1.3
purl pkg:pypi/flask-appbuilder@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-ghuk-3ydf-q7gb
3
vulnerability VCID-m7g1-s5eg-vkc8
4
vulnerability VCID-qcqd-7xqt-jkew
5
vulnerability VCID-wrnn-ykhq-gqhg
6
vulnerability VCID-yga1-2nmt-47dq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.1.3
aliases CVE-2022-31177, GHSA-32ff-4g79-vgfc, PYSEC-2022-247
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mucc-yt4c-afh5
10
url VCID-qcqd-7xqt-jkew
vulnerability_id VCID-qcqd-7xqt-jkew
summary Flask-AppBuilder is an application development framework built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25128
reference_id
reference_type
scores
0
value 0.0096
scoring_system epss
scoring_elements 0.76979
published_at 2026-06-12T12:55:00Z
1
value 0.0096
scoring_system epss
scoring_elements 0.76906
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25128
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8
reference_id 6336456d83f8f111c842b2b53d1e89627f2502c8
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25128
reference_id CVE-2024-25128
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25128
4
reference_url https://github.com/advisories/GHSA-j2pw-vp55-fqqj
reference_id GHSA-j2pw-vp55-fqqj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j2pw-vp55-fqqj
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj
reference_id GHSA-j2pw-vp55-fqqj
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-26T19:49:15Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.11
purl pkg:pypi/flask-appbuilder@4.3.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-m7g1-s5eg-vkc8
3
vulnerability VCID-wrnn-ykhq-gqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.11
aliases CVE-2024-25128, GHSA-j2pw-vp55-fqqj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqd-7xqt-jkew
11
url VCID-wrnn-ykhq-gqhg
vulnerability_id VCID-wrnn-ykhq-gqhg
summary Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form's default cache directives allow the browser to locally store sensitive data. This can be an issue in environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45314
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.32775
published_at 2026-06-12T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.32593
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45314
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636
reference_id 3030e881d2e44f4021764e18e489fe940a9b3636
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45314
reference_id CVE-2024-45314
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45314
4
reference_url https://github.com/advisories/GHSA-fw5r-6m3x-rh7p
reference_id GHSA-fw5r-6m3x-rh7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw5r-6m3x-rh7p
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p
reference_id GHSA-fw5r-6m3x-rh7p
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T17:40:06Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.5.1
purl pkg:pypi/flask-appbuilder@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-m7g1-s5eg-vkc8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.1
aliases CVE-2024-45314, GHSA-fw5r-6m3x-rh7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrnn-ykhq-gqhg
12
url VCID-yga1-2nmt-47dq
vulnerability_id VCID-yga1-2nmt-47dq
summary Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29005
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.53609
published_at 2026-06-11T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53735
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29005
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/1976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/pull/1976
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.3.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29005
5
reference_url https://flask-limiter.readthedocs.io/en/stable/configuration.html
reference_id configuration.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T19:35:35Z/
url https://flask-limiter.readthedocs.io/en/stable/configuration.html
6
reference_url https://github.com/advisories/GHSA-9hcr-9hcv-x6pv
reference_id GHSA-9hcr-9hcv-x6pv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9hcr-9hcv-x6pv
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
reference_id GHSA-9hcr-9hcv-x6pv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T19:35:35Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.3.0
purl pkg:pypi/flask-appbuilder@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
2
vulnerability VCID-ghuk-3ydf-q7gb
3
vulnerability VCID-m7g1-s5eg-vkc8
4
vulnerability VCID-qcqd-7xqt-jkew
5
vulnerability VCID-wrnn-ykhq-gqhg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.3.0
aliases CVE-2023-29005, GHSA-9hcr-9hcv-x6pv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yga1-2nmt-47dq
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@0.1.45