pypi/click: Pallets Click contains a command injection via Unsanitized Filename "click.edit()"
Risk 45 | Severity 7.2 | EPSS 0.03%

pip/flask: Flask session does not add `Vary: Cookie` header when accessed in some ways
Risk 16 | Severity 4.3 | EPSS 0.03%

pip/werkzeug: Werkzeug safe_join() allows Windows special device names
Risk 21 | Severity 6.3 | EPSS 0.06%

pypi/werkzeug: Werkzeug safe_join() allows Windows special device names with compound extensions
Risk 21 | Severity 6.3 | EPSS 0.08%

Pallets Werkzeug: Werkzeug safe_join() allows Windows special device names
Risk 29 | Severity 6.3
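The three safe_join() entries above (and the later "safe_join not safe on Windows" entry) all come down to the same gap: a path that is syntactically safe on POSIX can still name a Windows device. Windows reserves CON, PRN, AUX, NUL, COM1-COM9 and LPT1-LPT9 in every directory, case-insensitively, and keeps treating the name as a device when one or more extensions follow, so "nul.txt" and "con.tar.gz" both open the device. The check below is an added example written for this page, not Werkzeug's own safe_join: the function names and the reduction of a segment to its stem before the first dot are this example's choices.

```python
import posixpath
from typing import Optional

# Windows reserves these device names in every directory, case-insensitively,
# and keeps treating them as devices when an extension (or several) follows:
# "NUL.txt" and "con.tar.gz" both name the device, not a file.
_WINDOWS_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def is_windows_device_name(segment: str) -> bool:
    """True if a single path segment would resolve to a Windows device."""
    # Everything from the first dot on is extension, so compound extensions
    # ("nul.tar.gz") collapse to the same stem. Windows also ignores
    # trailing spaces in a file name, so they are stripped before comparing.
    stem = segment.split(".", 1)[0].rstrip(" ")
    return stem.upper() in _WINDOWS_DEVICE_NAMES


def safe_join_checked(directory: str, *pathnames: str) -> Optional[str]:
    """Join untrusted path segments under directory, or return None.

    Hypothetical helper written for this example (not Werkzeug's safe_join):
    rejects absolute paths, parent traversal, backslashes, and any segment
    that is a Windows device name, whatever extension it carries.
    """
    parts = [directory]
    for filename in pathnames:
        if filename != "":
            filename = posixpath.normpath(filename)
        if (
            "\\" in filename
            or posixpath.isabs(filename)
            or filename == ".."
            or filename.startswith("../")
        ):
            return None
        # The device-name check runs per segment, so "docs/aux.tar.gz" is
        # caught even though the final path is inside the directory.
        if any(is_windows_device_name(seg) for seg in filename.split("/")):
            return None
        parts.append(filename)
    return posixpath.join(*parts)
```

Run the check on every untrusted segment, on every platform: an application deployed on Linux today may be run on Windows tomorrow, and the rejection costs nothing.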

IBM Cognos Analytics: Jinja sandbox breakout through attr filter selecting format method
Risk 53 | Severity 5.4 | EPSS 0.07%

pip/jinja2: Jinja has a sandbox breakout through indirect reference to format method
Risk 69 | Severity 7.8

pip/jinja2: Jinja has a sandbox breakout through malicious filenames
Risk 79 | Severity 5.4

debian/python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms
Risk 32 | Severity 6.9 | EPSS 0.65%

pip/Werkzeug: Werkzeug safe_join not safe on Windows
Risk 21 | Severity 6.3 | EPSS 0.03%

ubuntu/jinja2: Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Risk 26 | Severity 5.4 | EPSS 0.04%
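The xmlattr entry above is worth a closer look because it defeats the usual intuition that escaping the value is enough. A filter that builds attributes from a mapping escapes each value, but if the key comes from the user it is written into the tag verbatim, and a key containing a space, quote or "=" simply starts a new attribute. The pair of functions below is an added example written for this page, not Jinja's xmlattr implementation; the allowlist regex for attribute names and the function names are this example's assumptions.

```python
import re
from html import escape
from typing import Any, Mapping

# An attribute name must not contain whitespace (starts a new attribute),
# "/" or ">" (ends the tag), "=" or quotes (moves the name/value boundary)
# or "<". This allowlist is stricter than HTML requires, on purpose.
_ATTR_NAME = re.compile(r"^[A-Za-z_:][A-Za-z0-9_:.\-]*$")


def is_valid_attribute_name(name: str) -> bool:
    return bool(_ATTR_NAME.match(name))


def xmlattr_unchecked(attrs: Mapping[str, Any]) -> str:
    """Escapes values only. Written for this example to show the flaw: a
    key chosen by the user is emitted verbatim, so it can smuggle in extra
    attributes no matter how carefully the value is escaped."""
    return "".join(
        f' {key}="{escape(str(value), quote=True)}"'
        for key, value in attrs.items()
        if value is not None
    )


def xmlattr_checked(attrs: Mapping[str, Any]) -> str:
    """Hardened variant (hypothetical, not Jinja's): refuse any key that is
    not a plain attribute name, then escape the value exactly as before."""
    parts = []
    for key, value in attrs.items():
        if value is None:
            continue
        if not is_valid_attribute_name(key):
            raise ValueError(f"invalid attribute name: {key!r}")
        parts.append(f' {key}="{escape(str(value), quote=True)}"')
    return "".join(parts)


# Constructed attacker-controlled key: the value "1" is escaped correctly,
# but the key carries its own quotes and an onerror handler.
INJECTED_KEY = 'src="x" onerror="alert(1)" data-x'
```

Raising on a bad key, rather than quietly dropping it, is the right default: a template that reaches this point with user-controlled attribute names has a design problem that should surface in testing, not be papered over in production.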

ubuntu/python-werkzeug: Werkzeug's improper usage of a pathname and improper CSRF protection results in remote command execution
Risk 53 | Severity 7.5 | EPSS 0.04%

ubuntu/jinja2: Jinja vulnerable to Cross-Site Scripting (XSS)
Risk 29 | Severity 6.1 | EPSS 0.10%

pip/werkzeug: Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Risk 78 | Severity 8.0

redhat/flask: Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
Risk 46 | Severity 7.5
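Both Flask entries on this page (pip/flask above and redhat/flask here) concern responses whose content depends on the session cookie but that were sent without a `Vary: Cookie` header. The consequence is only visible once a shared cache sits in front of the application, so the toy below models one: it keys stored responses on the URL plus the request-header values named in Vary, the way RFC 9111 requires. This is an added example written for this page, not Flask's code; SharedCache, dashboard_view and the "session=<user>" cookie format are this example's assumptions.

```python
from typing import Dict, Optional, Tuple

Headers = Dict[str, str]


class SharedCache:
    """Toy shared (proxy) cache written for this example. Like a real HTTP
    cache it stores a response under the URL plus the values of every
    request header named in the response's Vary header, and serves a hit
    only to requests whose values for those headers match."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, Tuple[Tuple[str, str], ...]], str] = {}

    @staticmethod
    def _vary_fields(response_headers: Headers) -> Tuple[str, ...]:
        raw = response_headers.get("Vary", "")
        return tuple(f.strip().lower() for f in raw.split(",") if f.strip())

    @staticmethod
    def _key(url: str, fields: Tuple[str, ...], request_headers: Headers):
        req = {k.lower(): v for k, v in request_headers.items()}
        return (url, tuple((f, req.get(f, "")) for f in fields))

    def store(self, url: str, request_headers: Headers,
              response_headers: Headers, body: str) -> None:
        fields = self._vary_fields(response_headers)
        if "*" in fields:
            return  # Vary: * means never reuse for another request
        self._entries[self._key(url, fields, request_headers)] = body

    def lookup(self, url: str, request_headers: Headers) -> Optional[str]:
        req = {k.lower(): v for k, v in request_headers.items()}
        for (cached_url, varied), body in self._entries.items():
            if cached_url == url and all(req.get(f, "") == v for f, v in varied):
                return body
        return None


def dashboard_view(request_headers: Headers, vary_on_cookie: bool) -> Tuple[Headers, str]:
    """Hypothetical view whose body depends on the session cookie."""
    cookie = request_headers.get("Cookie", "")
    user = cookie[len("session="):] if cookie.startswith("session=") else "anonymous"
    headers: Headers = {"Content-Type": "text/html"}
    if vary_on_cookie:
        headers["Vary"] = "Cookie"
    return headers, f"<h1>Hello {user}</h1>"


def what_bob_gets(vary_on_cookie: bool) -> Optional[str]:
    """Alice's response is cached first; return what the cache serves Bob.
    Without Vary: Cookie the cache hands Bob Alice's page; with it, Bob's
    different cookie value misses the cache and reaches the application."""
    cache = SharedCache()
    alice = {"Cookie": "session=alice"}
    bob = {"Cookie": "session=bob"}
    headers, body = dashboard_view(alice, vary_on_cookie)
    cache.store("/dashboard", alice, headers, body)
    return cache.lookup("/dashboard", bob)
```

The practical check is simple: any response that reads the session, even only to decide whether to show a login link, must carry `Vary: Cookie` (or an explicit `Cache-Control: private`), and that should be asserted in tests for the affected endpoints rather than trusted to the framework.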

debian/python-werkzeug: Werkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
Risk 19 | Severity 3.5
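The nameless-cookie entry above describes a parsing mistake rather than a cryptographic one: a `__Host-` prefixed cookie is only trustworthy if the name the server sees really was the name the browser stored. A cookie header such as `=__Host-session=bad` has an empty name and the value `__Host-session=bad`; a parser that drops the leading `=` and splits again reports a cookie named `__Host-session`, which is exactly what the prefix is meant to rule out. The two parsers below are an added example written for this page, not Werkzeug's cookie parser; the function names and the choice to keep a nameless cookie under the empty-string key are this example's assumptions.

```python
from typing import Dict


def parse_cookie_naive(header: str) -> Dict[str, str]:
    """Flawed parser, written for this example to show the failure mode:
    it drops a leading "=" and then splits again, so a nameless cookie whose
    value is "__Host-session=bad" comes back as if it were named
    __Host-session."""
    cookies: Dict[str, str] = {}
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if chunk.startswith("="):
            chunk = chunk[1:]
        name, _, value = chunk.partition("=")
        cookies.setdefault(name.strip(), value.strip())
    return cookies


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Hardened parser (hypothetical, not Werkzeug's): split each pair at
    the first "=" only, keep a nameless cookie under the empty name, and
    never reinterpret its value as a name/value pair."""
    cookies: Dict[str, str] = {}
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        name, sep, value = chunk.partition("=")
        if not sep:
            # Bare token with no "=": a nameless cookie carrying that value.
            name, value = "", name
        name, value = name.strip(), value.strip()
        # First occurrence wins, matching the order browsers send cookies.
        cookies.setdefault(name, value)
    return cookies


def is_host_prefix_spoofed(header: str, cookie_name: str) -> bool:
    """True if the naive parser would attribute a __Host- cookie that the
    hardened parser does not see, i.e. the prefix guarantee was bypassed."""
    naive = parse_cookie_naive(header)
    strict = parse_cookie_header(header)
    return cookie_name in naive and naive[cookie_name] != strict.get(cookie_name)
```

One caveat a practitioner should keep in mind: if a browser serialises a nameless cookie without the leading `=`, the server receives `__Host-session=bad` and cannot tell it apart from a genuine cookie; at that point the prefix guarantee rests on the browser refusing to store such cookies, and no server-side parsing change can recover it.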

redhat/python-werkzeug: Werkzeug may allow high resource usage when parsing multipart form data with many fields
Risk 46 | Severity 7.5
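Three entries on this page (resource exhaustion when parsing file data in forms, high resource usage for a large part beginning with CR/LF, and high resource usage with many fields) are variants of one problem: a multipart body is parsed and buffered before any limit is applied. The scanner below is an added example written for this page, not Werkzeug's parser; the limit names (max_parts, max_form_memory, max_part_header_bytes), the build_multipart helper and the sample bodies are constructed for the example. It locates delimiters with bytes.find instead of reading line by line, so a part that starts with CR/LF costs no more than any other, and it aborts as soon as the part count or the buffered non-file bytes cross the configured limit.

```python
from typing import Dict, List, Optional, Tuple


class FormLimitExceeded(ValueError):
    """Raised when a request would exceed a configured parsing limit."""


Part = Tuple[Dict[str, str], int, bool]  # (headers, data size, is file)


def scan_multipart(
    body: bytes,
    boundary: bytes,
    *,
    max_parts: int = 1000,
    max_form_memory: int = 500_000,
    max_part_header_bytes: int = 8 * 1024,
) -> List[Part]:
    """Walk a multipart/form-data body and enforce limits before buffering.

    Hypothetical scanner written for this example (not Werkzeug's parser).
    Only non-file parts count against max_form_memory, on the model that
    file parts are streamed to disk while form fields are held in memory.
    """
    delimiter = b"--" + boundary
    pos = body.find(delimiter)
    if pos < 0:
        raise ValueError("boundary not found in body")
    pos += len(delimiter)
    parts: List[Part] = []
    buffered = 0
    while True:
        if body.startswith(b"--", pos):
            return parts  # closing delimiter reached
        header_end = body.find(b"\r\n\r\n", pos)
        if header_end < 0:
            raise ValueError("unterminated part headers")
        raw = body[pos:header_end]
        if raw.startswith(b"\r\n"):
            raw = raw[2:]  # the CRLF that ends the delimiter line
        elif raw:
            raise ValueError("delimiter not followed by CRLF or --")
        if len(raw) > max_part_header_bytes:
            raise FormLimitExceeded("part headers exceed limit")
        headers: Dict[str, str] = {}
        for line in raw.split(b"\r\n"):
            if line:
                name, _, value = line.partition(b":")
                headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        data_start = header_end + 4
        # Search for the next delimiter directly; the part data may begin
        # with any bytes, CR/LF included, without slowing the scan down.
        nxt = body.find(b"\r\n" + delimiter, data_start)
        if nxt < 0:
            raise ValueError("unterminated part data")
        size = nxt - data_start
        is_file = "filename=" in headers.get("content-disposition", "").lower()
        if not is_file:
            buffered += size
            if buffered > max_form_memory:
                raise FormLimitExceeded("form fields exceed memory limit")
        parts.append((headers, size, is_file))
        if len(parts) > max_parts:
            raise FormLimitExceeded("too many form parts")
        pos = nxt + 2 + len(delimiter)


def build_multipart(fields: List[Tuple[str, bytes, Optional[str]]], boundary: bytes) -> bytes:
    """Constructed sample body: fields are (name, data, filename or None)."""
    chunks = []
    for name, data, filename in fields:
        disposition = f'form-data; name="{name}"'
        if filename is not None:
            disposition += f'; filename="{filename}"'
        chunks.append(b"--" + boundary + b"\r\n")
        chunks.append(f"Content-Disposition: {disposition}\r\n\r\n".encode("latin-1"))
        chunks.append(data + b"\r\n")
    chunks.append(b"--" + boundary + b"--\r\n")
    return b"".join(chunks)


def exceeds_limits(body: bytes, boundary: bytes, **limits: int) -> bool:
    """True if scanning the body trips one of the configured limits."""
    try:
        scan_multipart(body, boundary, **limits)
    except FormLimitExceeded:
        return True
    return False
```

Whatever the real parser, the limits that matter are the same three: a cap on the total request size, a cap on the number of parts, and a cap on the bytes of non-file fields held in memory. Set all three explicitly in the application rather than relying on defaults, and test them with a constructed flood body like the one above.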

IBM Watson Studio on Cloud Pak for Data: Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform H…
Risk 86 | Severity 9.8

ubuntu/jinja2: Regular Expression Denial of Service (ReDoS)
Risk 46 | Severity 7.5

pip/werkzeug: Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
Risk 39 | Severity 6.1
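The open-redirect entry above is the classic "double slash" case: a redirect target that starts with `//` looks like a local path to a naive check but is a scheme-relative URL to a browser, so `//evil.example/` leaves the site. Browsers also treat a backslash as a slash in the authority part, strip tabs and newlines before parsing, and collapse `///` to an authority, so a validator has to reject all of those shapes rather than only the literal double slash. The validator below is an added example written for this page, not Werkzeug's code; the function names and the strict allowlist (only single-slash paths, or http(s) URLs whose host equals the request host exactly) are this example's choices.

```python
from urllib.parse import urlsplit


def is_safe_redirect_target(target: str, request_host: str) -> bool:
    """Accept only same-site redirect targets.

    Hypothetical validator written for this example (not Werkzeug's code).
    A plain path must start with exactly one slash: "//evil.example" and
    "/\\evil.example" are scheme-relative URLs to a browser, not paths.
    An absolute URL must be http(s) and name request_host exactly.
    """
    target = target.strip()
    # Browsers strip tabs and newlines before parsing, so "/\t/evil" turns
    # into "//evil"; reject control characters outright instead of guessing.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False
    # Browsers treat backslash as slash in the authority section.
    if "\\" in target:
        return False
    if target.startswith("/"):
        # "/path" is same-origin; "//host" and "///host" are not.
        return not target.startswith("//")
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False
    # urlsplit gives an empty netloc for "https:///evil.example", which a
    # browser would still send to evil.example; the equality test rejects it.
    # "user@host" and "host:port" forms are rejected for the same reason.
    return parts.netloc.lower() == request_host.lower()


def redirect_target(target: str, request_host: str, default: str = "/") -> str:
    """Return target if it passes validation, otherwise the default."""
    return target if is_safe_redirect_target(target, request_host) else default
```

The allowlist is deliberately narrow: relative paths without a leading slash ("dashboard") and explicit ports are rejected too, which is the right trade for a `next=` parameter where the legitimate values are always application-generated. Loosen it only for a documented reason.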

openSUSE Leap: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness beca…
Risk 45 | Severity 7.5

palletsprojects Werkzeug: Path Traversal
Risk 43 | Severity 7.5

pip/flask: The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of…
Risk 45 | Severity 7.5

redhat/python-jinja2: Last updated 25 August 2025
Risk 51 | Severity 8.6

Canonical Ubuntu Linux: Last updated 25 August 2025
Risk 51 | Severity 8.6

pip/flask: Input Validation
Risk 45 | Severity 7.5

pip/Werkzeug: XSS
Risk 39 | Severity 6.1

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203