pkg:PyPI/werkzeug

20 total CVEs: CRITICAL 1, HIGH 7, MEDIUM 7, LOW 2


All known vulnerabilities

  • CRITICAL 9.8, CVE-2022-29361: Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted H…
    from 0, < 9a3a981d70d2e9ec3344b5192f86fcaf3210cd85 | from 0, < 2.1.1
  • HIGH 7.5, CVE-2024-49767: Werkzeug possible resource exhaustion when parsing file data in forms
    >= 2.0.0rc1, < 3.0.6
  • HIGH 7.5, CVE-2024-34069: python-werkzeug - security update
    from 0, < 3.0.3
  • HIGH 7.5, CVE-2023-25577: High resource usage when parsing multipart form data with many fields
    from 0, < 2.2.3
  • HIGH 7.5, CVE-2023-25577: High resource usage when parsing multipart form data with many fields
    from 0, < 517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 | from 0, < 2.2.3
  • HIGH 7.5, CVE-2019-14322: Pallets Werkzeug vulnerable to Path Traversal
    from 0, < 0.15.5
  • HIGH 7.5, CVE-2019-14806: Pallets Werkzeug Insufficient Entropy
    from 0, < 0.15.3
  • HIGH 7.5, CVE-2019-14806: Pallets Werkzeug Insufficient Entropy
    from 0, < 00bc43b1672e662e5e3b8cecd79e67fc968fa246 | from 0, < 0.15.3
  • MEDIUM 6.1, CVE-2016-10516: python-werkzeug - security update
    from 0, < 0.11.11
  • MEDIUM 6.1, CVE-2016-10516: python-werkzeug - security update
    from 0, < 0.11.11
  • MEDIUM 6.1, CVE-2020-28724: Open Redirect in werkzeug
    from 0, < 0.11.6
  • MEDIUM 6.1, CVE-2020-28724: Open Redirect in werkzeug
    from 0, < 0.11.6
  • MEDIUM 5.7, CVE-2023-46136: Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
    >= 3.0.0, < 3.0.1
  • MEDIUM 5.7, CVE-2023-46136: Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
    from 0, < f3c803b3ade485a45f12b6d6617595350c0f03e2, < f2300208d5e2a5076cbbb4c2aad71096fd040ef9 | from 0, < 2.3.8, >= 3.0.0, < 3.0.1
  • MEDIUM 5.3, CVE-2026-21860: Werkzeug safe_join() allows Windows special device names with compound extensions
    from 0, < 3.1.5
  • LOW 2.6, CVE-2023-23934: python-werkzeug - security update
    from 0, < 2.2.3
  • LOW 2.6, CVE-2023-23934: python-werkzeug - security update
    from 0, < cf275f42acad1b5950c50ffe8ef58fe62cdce028 | from 0, < 2.2.3
  • CVE-2026-27199: Werkzeug safe_join() allows Windows special device names
    from 0, < 3.1.6
  • CVE-2025-66221: Werkzeug safe_join() allows Windows special device names
    from 0, < 3.1.4
  • CVE-2024-49766: Werkzeug safe_join not safe on Windows
    from 0, < 3.0.6