Dpgaspar Flask-appbuilder — known CVE vulnerabilities
Every CVE whose affected-product data names Dpgaspar Flask-appbuilder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-25128 — CVSS 9.1 (critical): Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it…
CVE-2021-41265 — CVSS 8.1 (high): Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability…
CVE-2023-29005 — CVSS 7.5 (high): Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0…
CVE-2021-32805 — CVSS 7.2 (high): Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an…
CVE-2025-58065 — CVSS 6.5 (medium): Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP…
CVE-2022-24776 — CVSS 6.1 (medium): Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open…
CVE-2022-21659 — CVSS 5.3 (medium): Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user…
CVE-2021-29621 — CVSS 5.3 (medium): Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <=…
CVE-2025-32962 — CVSS 4.3 (medium): Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious…
CVE-2024-27083 — CVSS 4.3 (medium): Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been…
CVE-2025-24023 — CVSS 3.7 (low): Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate…
CVE-2024-45314 — CVSS 3.6 (low): Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows…
CVE-2022-31177 — CVSS 2.7 (low): Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an…