Palletsprojects Security Vulnerabilities (CVEs)

Track 11 security vulnerabilities affecting Palletsprojects products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

1 Critical
7 High
3 Medium
CVE-2026-27205 4.3

Flask versions 3.1.2 and below have a cache vulnerability where accessing session keys with certain Python operators (like 'in') fails to set proper c...

Feb 21, 2026
CVE-2025-66221 5.3

This vulnerability in Werkzeug's safe_join function allows attackers to cause denial of service by requesting paths ending with Windows device names (...

Nov 29, 2025
CVE-2025-27516 8.8

CVE-2025-27516 is a sandbox escape vulnerability in Jinja templating engine that allows attackers who control template content to execute arbitrary Py...

Mar 5, 2025
CVE-2024-56201 8.8

A vulnerability in Jinja templating engine allows attackers who control both template content and filename to execute arbitrary Python code, bypassing...

Dec 23, 2024
CVE-2024-49766 5.3

This vulnerability in Werkzeug's safe_join() function on Windows with Python < 3.11 allows UNC path bypass, potentially enabling directory traversal a...

Oct 25, 2024
CVE-2024-49767 7.5

Werkzeug versions before 3.0.6 contain a resource exhaustion vulnerability in the MultiPartParser that handles multipart/form-data requests. Attackers...

Oct 25, 2024
CVE-2024-34069 7.5

This vulnerability in Werkzeug's debugger allows attackers to execute arbitrary code on a developer's machine if they can trick the developer into int...

May 6, 2024
CVE-2023-46136 8.0

CVE-2023-46136 is a denial-of-service vulnerability in Werkzeug's multipart data parser. Attackers can send specially crafted file uploads that cause ...

Oct 25, 2023
CVE-2023-30861 7.5

This vulnerability in Flask allows session cookie leakage when specific conditions are met with caching proxies. It affects Flask applications hosted ...

May 2, 2023
CVE-2023-25577 7.5

CVE-2023-25577 is a denial-of-service vulnerability in Werkzeug's multipart form data parser that allows attackers to cause high CPU and memory consum...

Feb 14, 2023
CVE-2022-29361 9.8

CVE-2022-29361 is an HTTP request smuggling vulnerability in Pallets Werkzeug v2.1.0 and below that allows attackers to bypass security controls by se...

May 25, 2022

Why Monitor Palletsprojects Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 11+ known vulnerabilities affecting Palletsprojects products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Palletsprojects packages in under 60 seconds. No agents required - completely agentless scanning that works across Palletsprojects deployments.

Free vulnerability database: Access detailed information about every Palletsprojects CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Palletsprojects CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions