216 matches found
PYSEC-2026-340 Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Impact: When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...
ROOT-APP-PYPI-CVE-2024-25128 CVE-2024-25128 in rootio-Flask-AppBuilder - Patched by Root
Root has patched CVE-2024-25128 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-34110 CVE-2023-34110 in rootio-Flask-AppBuilder - Patched by Root
Root has patched CVE-2023-34110 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-58065 CVE-2025-58065 in rootio-Flask-AppBuilder - Patched by Root
Root has patched CVE-2025-58065 in the rootio-Flask-AppBuilder package for Root:PyPI. Multiple fixed versions available...
CVE-2022-31177
Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3, an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The...
EUVD-2021-0082
Malware in sbrugna...
EUVD-2021-0083
Malware in sbrugna...
EUVD-2021-0081
Malware in sbrugna...
EUVD-2024-2784
Malicious code in bioql PyPI...
EUVD-2022-1268
Malicious code in bioql PyPI...
EUVD-2022-0103
Malicious code in bioql PyPI...
EUVD-2022-0104
Malicious code in bioql PyPI...
EUVD-2024-0659
Malicious code in bioql PyPI...
EUVD-2025-28980
Malicious code in bioql PyPI...
EUVD-2025-15450
Malicious code in bioql PyPI...
EUVD-2024-0631
Malicious code in bioql PyPI...
EUVD-2023-1250
Malicious code in bioql PyPI...
EUVD-2025-5564
Malicious code in bioql PyPI...
EUVD-2023-0078
Malicious code in bioql PyPI...
CVE-2025-58065
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...