216 matches found
Improper Authentication
Overview Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Improper Authentication via the reset my...
CVE-2025-58065
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +250 more potentially affected by CVE-2025-58065 via flask-appbuilder (>=1.10.0 <=4.6.3)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.1.0a7 and more Source cves: CVE-2025-58065 Source advisory: OSV:GHSA-765J-9R45-W2Q2...
PT-2025-37255
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.8.1 Description: Flask-AppBuilder is an application development framework. When configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains accessible...
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2024-45314
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...
CVE-2023-34110
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...
CVE-2023-29005
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...
CVE-2022-24776
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
CVE-2021-32805
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
Open Redirect
Flask-AppBuilder is vulnerable to Open Redirect. The vulnerability is due to improper validation of redirect targets due to trusting the Host header in HTTP requests without verifying it against a safe list of domains...
CVE-2025-32962
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +250 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=1.10.0 <=4.5.4)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.1.0a7 and more Source cves: CVE-2025-32962 Source advisory: OSV:GHSA-99PM-CH96-CCP2...
GHSA-99PM-CH96-CCP2 Flask-AppBuilder open redirect vulnerability using HTTP host injection
Impact Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicit...
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Impact Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicit...
Open Redirect
Overview Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Open Redirect through the manipulation of th...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +133 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=4.1.2 <=4.5.4)
flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-32962 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-10182215...
CVE-2025-32962
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...