Flask
This hub aggregates every CVE we track for Flask, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 3
- In CISA KEV: 0
Severity distribution
- HIGH: 3
- MEDIUM: 2
Monthly trend
[Chart: CVEs published per month, 2024-07 to 2026-06. One month shows 1 CVE; every other month shows 0.]
Latest CVEs
The 5 most recently published vulnerabilities affecting Flask.
- CVE-2026-27205: Flask session does not add `Vary: Cookie` header when accessed in some ways (score: 4.3)
- CVE-2024-1681: Log Injection Vulnerability in corydolphin/flask-cors (score: 5.3)
- CVE-2023-30861: Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header (score: 7.5)
- CVE-2019-1010083: The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this ... (score: 7.5)
- CVE-2018-1000656: The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of ser... (score: 7.5)
Product normalization is registry-driven with AI assist and human review.