Werkzeug

Latest version: v3.1.3

Vulnerabilities (17)

| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| PVE-2023-62019 | 62019 | Werkzeug 3.0.1 and 2.3.8 include a security fix: Slow multipart parsi… | ==3.0.0; <2.3.8 | - | - |
| CVE-2023-46136 | 71595 | Werkzeug is a comprehensive WSGI web application library. If an uploa… | <=2.3.7; >=3.0.0,<3.0.1 | HIGH | 7.5 |
| CVE-2024-49767 | 73889 | Affected versions of Werkzeug are potentially vulnerable to resource … | <3.0.6 | HIGH | 7.5 |
| CVE-2024-49766 | 73969 | Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-2… | <3.0.6 | - | - |
| CVE-2024-34069 | 71594 | Werkzeug is a comprehensive WSGI web application library. The debugge… | <3.0.3 | - | - |
| CVE-2023-23934 | 53326 | Werkzeug 2.2.3 includes a fix for CVE-2023-23934: Browsers may allow … | <2.2.3 | LOW | 3.5 |
| CVE-2023-25577 | 53325 | Werkzeug 2.2.3 includes a fix for CVE-2023-25577: Prior to version 2.… | <2.2.3 | HIGH | 7.5 |
| PVE-2021-26427 | 26427 | Werkzeug 0.8.3 fixes an XSS problem with redirect targets coming from… | <0.8.3 | HIDDEN | X.Y |
| PVE-2021-26175 | 26175 | werkzeug before 0.8 allowed newlines in the header datastructure, all… | <0.8 | HIDDEN | X.Y |
| PVE-2021-26428 | 26428 | Werkzeug 0.3.1 prevents a timing attack against 'werkzeug.contrib.Sec… | <0.3.1 | HIDDEN | X.Y |
| PVE-2021-37276 | 37276 | Werkzeug 0.15.5 includes a fix for an information disclosure vulnerab… | >=0.15.0,<0.15.5 | HIDDEN | X.Y |
| PVE-2021-26435 | 26435 | The defaults of 'generate_password_hash' in werkzeug 0.12 have been c… | <0.12 | HIDDEN | X.Y |
| CVE-2020-28724 | 39160 | Werkzeug before 0.11.6 includes an open redirect vulnerability via a … | <0.11.6 | MEDIUM | 6.1 |
| CVE-2016-10516 | 35661 | Cross-site scripting (XSS) vulnerability in the render_full function … | <0.11.11 | MEDIUM | 6.1 |
| CVE-2019-14322 | 54148 | In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles dr… | >=0,<0.15.5 | HIGH | 7.5 |
| CVE-2019-14806 | 54681 | Pallets Werkzeug before 0.15.3, when used with Docker, has insufficie… | >=0,<0.15.3 | HIGH | 7.5 |
| PVE-2024-99827 | 65602 | This vulnerability occurs in certain versions of werkzeug where an at… | >=0,<0.11.11 | - | - |