Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/flask-appbuilder@4.5.3rc1
Type pypi
Namespace
Name flask-appbuilder
Version 4.5.3rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.8.1
Latest_non_vulnerable_version 4.8.1
Affected_by_vulnerabilities
0
url VCID-23ud-tv73-xka1
vulnerability_id VCID-23ud-tv73-xka1
summary Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the `FAB_SAFE_REDIRECT_HOSTS` configuration variable, which allows administrators to explicitly define which domains are considered safe for redirection. As a workaround, use a reverse proxy to enforce trusted host headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.42017
published_at 2026-06-14T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.42008
published_at 2026-06-12T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.42027
published_at 2026-06-13T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41844
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32962
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32962
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_id 32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/32eedbbb5cb483a3e782c5f2732de4a6a650d9b6
4
reference_url https://github.com/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99pm-ch96-ccp2
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
reference_id GHSA-99pm-ch96-ccp2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-16T14:53:44Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-99pm-ch96-ccp2
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.6.2
purl pkg:pypi/flask-appbuilder@4.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b1ab-mbsc-97ft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.6.2
aliases CVE-2025-32962, GHSA-99pm-ch96-ccp2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23ud-tv73-xka1
1
url VCID-b1ab-mbsc-97ft
vulnerability_id VCID-b1ab-mbsc-97ft
summary Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider. Users should upgrade to Flask-AppBuilder version 4.8.1 or later to receive a fix. If immediate upgrade is not possible, manually disable password reset routes in the application configuration; implement additional access controls at the web server or proxy level to block access to the reset my password URL; and/or monitor for suspicious password reset attempts from disabled accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08797
published_at 2026-06-11T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08834
published_at 2026-06-14T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08838
published_at 2026-06-12T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08844
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58065
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58065
3
reference_url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
reference_id 2384
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/pull/2384
4
reference_url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_id a942a9cc5775752f9a02f97fd8198dd288fa93ee
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/commit/a942a9cc5775752f9a02f97fd8198dd288fa93ee
5
reference_url https://github.com/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-765j-9r45-w2q2
6
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
reference_id GHSA-765j-9r45-w2q2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-765j-9r45-w2q2
7
reference_url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
reference_id v4.8.1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T19:22:07Z/
url https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.8.1
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.8.1
purl pkg:pypi/flask-appbuilder@4.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.8.1
aliases CVE-2025-58065, GHSA-765j-9r45-w2q2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1ab-mbsc-97ft
2
url VCID-m7g1-s5eg-vkc8
vulnerability_id VCID-m7g1-s5eg-vkc8
summary Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66728
published_at 2026-06-14T12:55:00Z
1
value 0.00504
scoring_system epss
scoring_elements 0.66623
published_at 2026-06-11T12:55:00Z
2
value 0.00504
scoring_system epss
scoring_elements 0.66729
published_at 2026-06-13T12:55:00Z
3
value 0.00504
scoring_system epss
scoring_elements 0.66716
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24023
1
reference_url https://github.com/dpgaspar/Flask-AppBuilder
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/dpgaspar/Flask-AppBuilder
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24023
4
reference_url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
reference_id GHSA-p8q5-cvwx-wvwp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8q5-cvwx-wvwp
5
reference_url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
reference_id GHSA-p8q5-cvwx-wvwp
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T18:41:12Z/
url https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp
fixed_packages
0
url pkg:pypi/flask-appbuilder@4.5.3
purl pkg:pypi/flask-appbuilder@4.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23ud-tv73-xka1
1
vulnerability VCID-b1ab-mbsc-97ft
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3
aliases CVE-2025-24023, GHSA-p8q5-cvwx-wvwp, PYSEC-2025-15
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7g1-s5eg-vkc8
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/flask-appbuilder@4.5.3rc1