Flask — CVE history (PyPI)
Flask
4 CVEs affect the Flask PyPI package (highest CVSS 7.5). Latest disclosed: 2026-02-21. Full CVE history sourced from NVD.
Summary
- Package
Flask(PyPI)- Total CVEs
4- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-02-21
Recent CVEs (top 4)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-27205 | — | — | — | 2026-02-21 | Flask is a web server gateway interface (WSGI) web application framework. |
CVE-2025-47278 | — | — | — | 2025-05-13 | Flask is a web server gateway interface (WSGI) web application framework. |
CVE-2023-30861 | High | 7.5 | — | 2023-05-02 | Flask is a lightweight WSGI web application framework. |
CVE-2019-1010083 | — | — | — | 2019-07-17 | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-30861 | High | 7.5 | — | 2023-05-02 | Flask is a lightweight WSGI web application framework. |