Flask-appbuilder Security Vulnerabilities and Issues — Flask-appbuilder CVE List

Lucene search

DpgasparFlask-appbuilder

4 matches found

CVE•added 2025/03/03 4:15 p.m.•226 views

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

5.3CVSS4.1AI score0.00039EPSS

CVE•added 2024/09/04 4:15 p.m.•207 views

CVE-2024-45314

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If u...

5.5CVSS4.4AI score0.00013EPSS

CVE•added 2022/01/31 9:15 p.m.•92 views

CVE-2022-21659

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server wh...

5.3CVSS5AI score0.00261EPSS

CVE•added 2021/06/07 7:15 p.m.•68 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder

5.3CVSS5.2AI score0.0029EPSS