Every CVE whose affected-product data names Palletsprojects Flask, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-1000656 — CVSS 7.5 (high): The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in…
CVE-2019-1010083 — CVSS 7.5 (high): The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is…
CVE-2023-30861 — CVSS 7.5 (high): Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended…
CVE-2026-27205 — CVSS 4.3 (medium): Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed…