pkg:PyPI/flask-appbuilder

All known vulnerabilities

• CRITICAL9.1CVE-2024-25128Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
  from 0, < 4.3.11
• HIGH8.1CVE-2021-41265Improper Authentication in Flask-AppBuilder
  from 0, < eba517aab121afa3f3f2edb011ec6bc4efd61fbc | from 0, < 3.3.4
• HIGH8.1Improper Authentication in Flask-AppBuilder
  from 0, < 3.3.4
• HIGH7.5Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
  from 0, < 4.3.0
• HIGH7.2Flask-AppBuilder Open Redirect vulnerability
  from 0, < 3.3.2
• HIGH7.2Flask-AppBuilder Open Redirect vulnerability
  from 0, < 6af28521589599b1dbafd6313256229ee9a4fa74 | from 0, < 3.3.2
• MEDIUM6.5Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
  from 0, < 4.8.1
• MEDIUM6.1Open Redirect in Flask-AppBuilder
  from 0, < 3.4.5
• MEDIUM5.3Observable Response Discrepancy in Flask-AppBuilder
  from 0, < 3.4.4
• MEDIUM5.3Observable Response Discrepancy in Flask-AppBuilder
  from 0, < 3.4.2
• MEDIUM5.3Observable Response Discrepancy in Flask-AppBuilder
  from 0, < 780bd0e8fbf2d36ada52edb769477e0a4edae580 | from 0, < 3.3.0
• MEDIUM5.3Observable Response Discrepancy in Flask-AppBuilder
  from 0, < 3.3.0
• MEDIUM4.3Flask-AppBuilder open redirect vulnerability using HTTP host injection
  from 0, < 4.6.2
• MEDIUM4.3Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
  >= 4.1.4, < 4.2.1
• LOW3.7Flask-AppBuilder Observable Response Discrepancy
  from 0, < 4.5.3
• LOW3.7Flask-AppBuilder Observable Response Discrepancy
  from 0, < 4.5.3
• LOW3.6Flask-AppBuilder's login form allows browser to cache sensitive fields
  from 0, < 4.5.1
• LOW2.7Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
  from 0, < 4.3.2
• LOW2.7Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
  from 0, < ae25ad4c87a9051ebe4a4e8f02aee73232642626 | from 0, < 4.3.2
• LOW2.7Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
  from 0, < 4.1.3
• LOW2.7Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
  from 0, < 4.1.3