Dpgaspar Flask-appbuilder
13 CVEs affecting Dpgaspar Flask-appbuilder. Latest disclosed: 2025-09-11. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-25128 | Critical | 9.1 | 2024-02-28 | Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to f… |
| CVE-2021-41265 | High | 8.1 | 2021-12-09 | Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The… |
| CVE-2023-29005 | High | 7.5 | 2023-04-10 | Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to en… |
| CVE-2021-32805 | High | 7.2 | 2021-09-08 | Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a… |
| CVE-2025-58065 | Medium | 6.5 | 2025-09-11 | Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database… |
| CVE-2022-24776 | Medium | 6.1 | 2022-03-24 | Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability whe… |
| CVE-2021-29621 | Medium | 5.3 | 2021-06-07 | Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non… |
| CVE-2025-32962 | Medium | 4.3 | 2025-05-16 | Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to pe… |
| CVE-2024-27083 | Medium | 4.3 | 2024-02-28 | Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth lo… |
| CVE-2025-24023 | Low | 3.7 | 2025-03-03 | Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timi… |
| CVE-2024-45314 | Low | 3.6 | 2024-09-04 | Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally sto… |
| CVE-2023-34110 | Low | 2.7 | 2023-06-22 | Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges… |
| CVE-2022-31177 | Low | 2.7 | 2022-08-01 | Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could q… |