Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/flask-appbuilder@4.5.4rc1
Type pypi
Namespace
Name flask-appbuilder
Version 4.5.4rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.8.1
Latest_non_vulnerable_version 4.8.1
Affected_by_vulnerabilities
0
url VCID-8zwq-xg8n-q7g9
vulnerability_id VCID-8zwq-xg8n-q7g9
summary
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41834
published_at 2026-06-05T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41843
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
reference_id CVE-2025-32962
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
4
reference_url https://github.com/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
url https://github.com/advisories/GHSA-99pm-ch96-ccp2
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.6.2
purl pkg:pypi/flask-appbuilder@4.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-t897-gphs-wugu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.6.2
aliases CVE-2025-32962, GHSA-99pm-ch96-ccp2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zwq-xg8n-q7g9
1
url VCID-t897-gphs-wugu
vulnerability_id VCID-t897-gphs-wugu
summary
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08565
published_at 2026-06-05T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08581
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
reference_id CVE-2025-58065
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
6
reference_url https://github.com/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
url https://github.com/advisories/GHSA-765j-9r45-w2q2
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.8.1
purl pkg:pypi/flask-appbuilder@4.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.8.1
aliases CVE-2025-58065, GHSA-765j-9r45-w2q2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t897-gphs-wugu
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.4rc1