Pallets Werkzeug
9 CVEs affecting Pallets Werkzeug. Latest disclosed: 2026-02-21. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-46136 | High | 8.0 | 2023-10-25 | Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a… |
| CVE-2024-34069 | High | 7.5 | 2024-05-06 | Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's… |
| CVE-2023-25577 | High | 7.5 | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts… |
| CVE-2023-23934 | Low | 2.6 | 2023-02-14 | Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable br… |
| CVE-2026-27199 | | | 2026-02-21 | Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded… |
| CVE-2026-21860 | | | 2026-01-08 | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names… |
| CVE-2025-66221 | | | 2025-11-29 | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names… |
| CVE-2024-49767 | | | 2024-10-25 | Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werk… |
| CVE-2024-49766 | | | 2024-10-25 | Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share… |