pkg:PyPI/flask-appbuilder

21 total CVEs: CRITICAL 1, HIGH 5, MEDIUM 8, LOW 7

All known vulnerabilities

  • CRITICAL 9.1, CVE-2024-25128: Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
    from 0, < 4.3.11
  • HIGH 8.1, CVE-2021-41265: Improper Authentication in Flask-AppBuilder
    from 0, < eba517aab121afa3f3f2edb011ec6bc4efd61fbc | from 0, < 3.3.4
  • HIGH 8.1, CVE-2021-41265: Improper Authentication in Flask-AppBuilder
    from 0, < 3.3.4
  • HIGH 7.5, CVE-2023-29005: Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
    from 0, < 4.3.0
  • HIGH 7.2, CVE-2021-32805: Flask-AppBuilder Open Redirect vulnerability
    from 0, < 3.3.2
  • HIGH 7.2, CVE-2021-32805: Flask-AppBuilder Open Redirect vulnerability
    from 0, < 6af28521589599b1dbafd6313256229ee9a4fa74 | from 0, < 3.3.2
  • MEDIUM 6.5, CVE-2025-58065: Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
    from 0, < 4.8.1
  • MEDIUM 6.1, CVE-2022-24776: Open Redirect in Flask-AppBuilder
    from 0, < 3.4.5
  • MEDIUM 5.3, CVE-2022-21659: Observable Response Discrepancy in Flask-AppBuilder
    from 0, < 3.4.4
  • MEDIUM 5.3, CVE-2022-21659: Observable Response Discrepancy in Flask-AppBuilder
    from 0, < 3.4.2
  • MEDIUM 5.3, CVE-2021-29621: Observable Response Discrepancy in Flask-AppBuilder
    from 0, < 780bd0e8fbf2d36ada52edb769477e0a4edae580 | from 0, < 3.3.0
  • MEDIUM 5.3, CVE-2021-29621: Observable Response Discrepancy in Flask-AppBuilder
    from 0, < 3.3.0
  • MEDIUM 4.3, CVE-2025-32962: Flask-AppBuilder open redirect vulnerability using HTTP host injection
    from 0, < 4.6.2
  • MEDIUM 4.3, CVE-2024-27083: Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
    >= 4.1.4, < 4.2.1
  • LOW 3.7, CVE-2025-24023: Flask-AppBuilder Observable Response Discrepancy
    from 0, < 4.5.3
  • LOW 3.7, CVE-2025-24023: Flask-AppBuilder Observable Response Discrepancy
    from 0, < 4.5.3
  • LOW 3.6, CVE-2024-45314: Flask-AppBuilder's login form allows browser to cache sensitive fields
    from 0, < 4.5.1
  • LOW 2.7, CVE-2023-34110: Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
    from 0, < 4.3.2
  • LOW 2.7, CVE-2023-34110: Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
    from 0, < ae25ad4c87a9051ebe4a4e8f02aee73232642626 | from 0, < 4.3.2
  • LOW 2.7, CVE-2022-31177: Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
    from 0, < 4.1.3
  • LOW 2.7, CVE-2022-31177: Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
    from 0, < 4.1.3