Latest version: v3.0.3
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| PVE-2023-62019 | 62019 |
Werkzeug 3.0.1 and 2.3.8 include a security fix: Slow multipart parsi… |
|
- | - |
| CVE-2023-25577 | 53325 |
Werkzeug 2.2.3 includes a fix for CVE-2023-25577: Prior to version 2.… |
|
HIGH | 7.5 |
| CVE-2023-23934 | 53326 |
Werkzeug 2.2.3 includes a fix for CVE-2023-23934: Browsers may allow … |
|
LOW | 3.5 |
| PVE-2021-26427 | 26427 |
Werkzeug 0.8.3 fixes an XSS problem with redirect targets coming from… |
|
HIDDEN | X.Y |
| PVE-2021-26175 | 26175 |
werkzeug before 0.8 allowed newlines in the header datastructure, all… |
|
HIDDEN | X.Y |
| PVE-2021-26428 | 26428 |
Werkzeug 0.3.1 prevents a timing attack against 'werkzeug.contrib.Sec… |
|
HIDDEN | X.Y |
| PVE-2021-37276 | 37276 |
Werkzeug 0.15.5 includes a fix for an information disclosure vulnerab… |
|
HIDDEN | X.Y |
| PVE-2021-26435 | 26435 |
The defaults of 'generate_password_hash' in werkzeug 0.12 have been c… |
|
HIDDEN | X.Y |
| CVE-2020-28724 | 39160 |
Werkzeug before 0.11.6 includes an open redirect vulnerability via a … |
|
MEDIUM | 6.1 |
| CVE-2016-10516 | 35661 |
Cross-site scripting (XSS) vulnerability in the render_full function … |
|
MEDIUM | 6.1 |
| CVE-2019-14322 | 54148 |
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles dr… |
|
HIGH | 7.5 |
| CVE-2019-14806 | 54681 |
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficie… |
|
HIGH | 7.5 |
| PVE-2024-99827 | 65602 |
This vulnerability occurs in certain versions of werkzeug where an at… |
|
- | - |