Python

Werkzeug

Latest secure version 3.1.8

The comprehensive WSGI web application library.

BSD-3-Clause


Vulnerabilities (Public)

Known vulnerabilities and security issues detected in this package's code and dependencies.

Columns: Vulnerability ID, Severity, Affected Versions, Advisory

Vulnerability ID: CVE-2024-34069
Severity: High
Affected versions: >=0.3,<3.0.3
Advisory: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This re…

Vulnerability ID: CVE-2023-46136
Severity: High
Affected versions: <=2.3.7; >=3.0.0,<3.0.1
Advisory: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are ap…

Vulnerability ID: CVE-2023-25577
Severity: High
Affected versions: <=2.0.0rc1,<2.2.3
Advisory: Werkzeug 2.2.3 includes a fix for CVE-2023-25577: Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amou…

Vulnerability ID: CVE-2026-27199
Severity: Medium
Affected versions: <3.1.6
Advisory: Affected versions of the Werkzeug package are vulnerable to Denial of Service (DoS) due to improper handling of Windows special device names in path joining logic. The safe_join() function fails to re…

Vulnerability ID: CVE-2026-21860
Severity: Medium
Affected versions: <3.1.5
Advisory: Affected versions of the Werkzeug package are vulnerable to Improper Handling of Windows Device Names due to incomplete validation of Windows reserved device names in user-controlled path segments. In…

Vulnerability ID: CVE-2025-66221
Severity: Medium
Affected versions: <3.1.4
Advisory: Affected versions of the Werkzeug package are vulnerable to Denial of Service (DoS) due to improper handling of Windows special device names in the safe_join function. In Werkzeug versions before 3.1.…

Vulnerability ID: CVE-2024-49767
Severity: Medium
Affected versions: <3.0.6
Advisory: Affected versions of Werkzeug are potentially vulnerable to resource exhaustion when parsing file data in forms. Applications using 'werkzeug.formparser.MultiPartParser' to parse 'multipart/form-data'…

Vulnerability ID: CVE-2024-49766
Severity: Medium
Affected versions: <3.0.6
Advisory: Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-22) on Windows systems running Python versions below 3.11. The safe_join() function failed to properly detect certain absolute paths…

Vulnerability ID: CVE-2020-28724
Severity: Medium
Affected versions: <0.11.6
Advisory: Werkzeug before 0.11.6 includes an open redirect vulnerability via a double slash in the URL. See CVE-2020-28724.

Vulnerability ID: CVE-2023-23934
Severity: Low
Affected versions: <2.2.3
Advisory: Werkzeug 2.2.3 includes a fix for CVE-2023-23934: Browsers may allow "nameless" cookies that look like '=value' instead of 'key=value'. A vulnerable browser may allow a compromised application on an a…

Safety Discovered Vulnerabilities

Additional security issues found by Safety, exclusive to our platform.

Safety discovered vulnerability data is available for Enterprise customers


Vulnerable Functions

Functions linked to known vulnerabilities in this package.

Vulnerable function data is available for Enterprise customers
