Werkzeug — CVE history (PyPI)
Werkzeug
10 CVEs affect the Werkzeug PyPI package (highest CVSS 8.0). Latest disclosed: 2026-02-21. Full CVE history sourced from NVD.
Summary
- Package: Werkzeug (PyPI)
- Total CVEs: 10
- Actively exploited (CISA KEV): 0
- Highest CVSS: 8.0
- Latest disclosed: 2026-02-21
Recent CVEs (top 10)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-27199 | — | — | — | 2026-02-21 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2026-21860 | — | — | — | 2026-01-08 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2025-66221 | — | — | — | 2025-11-29 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2024-49767 | — | — | — | 2024-10-25 | Werkzeug is a Web Server Gateway Interface web application library. |
| CVE-2024-49766 | — | — | — | 2024-10-25 | Werkzeug is a Web Server Gateway Interface web application library. |
| CVE-2024-34069 | High | 7.5 | — | 2024-05-06 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2023-46136 | High | 8.0 | — | 2023-10-25 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2023-25577 | High | 7.5 | — | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2023-23934 | Low | 2.6 | — | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2016-10516 | Medium | 6.1 | — | 2017-10-23 | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web scrip… |
All-time worst (top 5 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-46136 | High | 8.0 | — | 2023-10-25 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2024-34069 | High | 7.5 | — | 2024-05-06 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2023-25577 | High | 7.5 | — | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. |
| CVE-2016-10516 | Medium | 6.1 | — | 2017-10-23 | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web scrip… |
| CVE-2023-23934 | Low | 2.6 | — | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. |