SecAlerts
CVE ListPricingSign Up
palletsprojects logo

palletsprojects

Security Risk Profile

30
/100
low

Security Risk Score

Comprehensive risk assessment based on 27 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from October 23, 2017 to present

27
Total CVEs
14
Critical+High
0
Exploited
1
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
1
Critical/High
Risk Level
30/100
low
📈 1 in Last 30 Days

Severity Distribution

Critical
1
High
13
Medium
12
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
10

Age Distribution

Common Weaknesses (CWE)

1
XSS
3
2
Input Validation
3
3
Path Traversal
2
4
Command Injection
1
5
CSRF
1

Most Affected Products

1. ubuntu/jinja220
2. palletsprojects Werkzeug15
3. redhat/python-werkzeug10
4. debian/jinja28
5. palletsprojects Jinja8

Recent Vulnerabilities

See more →
CVE-2026-7246
CVSS 7.2EPSS 0%high

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

4/30/2026
CVE-2026-27205
CVSS 4.3EPSS 0%medium

Flask session does not add `Vary: Cookie` header when accessed in some ways

2/19/2026
CVE-2026-27199
CVSS 6.3EPSS 0%medium

Werkzeug safe_join() allows Windows special device names

2/19/2026
CVE-2026-21860
CVSS 6.3EPSS 0%medium

Werkzeug safe_join() allows Windows special device names with compound extensions

1/8/2026
CVE-2025-66221
CVSS 6.3medium

Werkzeug safe_join() allows Windows special device names

11/29/2025
CVE-2025-27516
CVSS 5.4EPSS 0%medium

Jinja sandbox breakout through attr filter selecting format method

3/5/2025
CVE-2024-56326
CVSS 7.8high

Jinja has a sandbox breakout through indirect reference to format method

12/23/2024
CVE-2024-56201
CVSS 5.4medium

Jinja has a sandbox breakout through malicious filenames

12/23/2024
CVE-2024-49767
CVSS 6.9EPSS 1%medium

Werkzeug possible resource exhaustion when parsing file data in forms

10/25/2024
CVE-2024-49766
CVSS 6.3EPSS 0%medium

Werkzeug safe_join not safe on Windows

10/25/2024

Monitor palletsprojects in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

palletsprojects Security Vulnerabilities & Risk Score | 27 CVEs | SecAlerts - SecAlerts