Security context
What an agent needs to avoid regressing past fixes — and find the next bug in this project.
10
Advisories
10
CVEs
High
Peak severity
9
With fix diff
Distribution
By severity
High
3
Medium
1
Low
2
Unrated
4
By weakness class
Other
8
Denial of Service
1
Improper Validation
1
Every fixed vulnerability (10)
High3 fixed
HighFlask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie headerCVE-2023-308613y agoHighPallets Project Flask is vulnerable to Denial of Service via Unexpected memory usageCVE-2019-10100836y agoHighFlask is vulnerable to Denial of Service via incorrect encoding of JSON dataCVE-2018-10006567y ago
Low2 fixed
Unrated4 fixed
UnratedFlask uses fallback key instead of current signing keyCVE-2025-472789d agoUnratedFlask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxyCVE-2023-308613y agoUnratedThe Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this mayCVE-2019-10100837y agoUnratedThe Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of servicCVE-2018-10006567y ago