Homepage

python-werkzeug vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the python-werkzeug package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Cross-site Request Forgery (CSRF)

*
  • H
Cross-site Request Forgery (CSRF)

*
  • H
Cross-site Request Forgery (CSRF)

*
  • M
Algorithmic Complexity

*
  • M
Algorithmic Complexity

*
  • M
Information Exposure Through Log Files

<0:0.9.1-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • M
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
SQL Injection

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
Deserialization of Untrusted Data

<0:0.9.1-1.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • H
XML External Entity (XXE) Injection

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
Use of a Broken or Risky Cryptographic Algorithm

<0:0.9.1-1.el7sat
  • H
Improper Access Control

<0:0.9.1-1.el7sat
  • H
Missing Required Cryptographic Step

<0:0.9.1-1.el7sat
  • H
Missing Required Cryptographic Step

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
Covert Timing Channel

<0:0.9.1-1.el7sat
  • H
Incorrect Calculation

<0:0.9.1-1.el7sat
  • H
Missing Required Cryptographic Step

<0:0.9.1-1.el7sat
  • H
Missing Required Cryptographic Step

<0:0.9.1-1.el7sat
  • H
Missing Required Cryptographic Step

<0:0.9.1-1.el7sat
  • M
Directory Traversal

<0:0.9.1-1.el7sat
  • H
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

<0:0.9.1-1.el7sat
  • H
Improper Certificate Validation

<0:0.9.1-1.el7sat
  • M
CVE-2013-6668

<0:0.9.1-1.el7sat
  • M
Information Exposure

<0:0.9.1-1.el7sat
  • M
Improper Input Validation

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
Improper Input Validation

<0:0.9.1-1.el7sat
  • H
Improper Input Validation

<0:0.9.1-1.el7sat
  • H
Cross-site Scripting (XSS)

<0:0.9.1-1.el7sat
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:0.9.1-1.el7sat
  • M
Omission of Security-relevant Information

<0:0.9.1-1.el7sat
  • H
Information Exposure

<0:0.9.1-1.el7sat
  • H
Incomplete Blacklist

<0:0.9.1-1.el7sat
  • L
Improper Input Validation

*
  • L
Improper Input Validation

*
  • L
Improper Input Validation

*
  • L
Improper Input Validation

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
Open Redirect

*
  • M
Open Redirect

*
  • L
Use of Insufficiently Random Values

*
  • H
Resource Exhaustion

<0:0.9.1-1.el7
  • M
Resource Exhaustion

<0:0.9.1-1.el7sat
  • H
Out-of-Bounds

<0:0.9.1-1.el7sat
  • M
CVE-2016-6346

<0:0.9.1-1.el7sat
  • M
Access Restriction Bypass

<0:0.9.1-1.el7sat
  • M
Improper Data Handling

<0:0.9.1-1.el7sat
  • M
Improper Data Handling

<0:0.9.1-1.el7sat
  • M
Algorithmic Complexity

<0:0.9.1-1.el7sat