palletsprojects werkzeug

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-27199
< 3.1.6
Werkzeug is a comprehensive WSGI web application library. In versions 3.1.5 and below, the safe_join function allows Windows device n
5.3 MEDIUM
CVE-2026-21860
< 3.1.5
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segmen
5.3 MEDIUM
CVE-2025-66221
< 3.1.4
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segmen
5.3 MEDIUM
CVE-2024-49767
< 3.0.6
Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corre
7.5 HIGH
CVE-2024-49766
< 3.0.6
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UN
5.3 MEDIUM
CVE-2024-34069
< 3.0.3
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to e
7.5 HIGH
CVE-2023-46136
< 2.3.8
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior
8.0 HIGH
CVE-2023-25577
< 2.2.3
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse
7.5 HIGH
CVE-2023-23934
< 2.2.3
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of
2.6 LOW
CVE-2022-29361
<= 2.1.0
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a
9.8 CRITICAL
CVE-2020-28724
< 0.11.6
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
6.1 MEDIUM
CVE-2019-14806
< 0.15.3
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share th
7.5 HIGH
CVE-2019-14322
< 0.15.5
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
7.5 HIGH
CVE-2016-10516
< 0.11.11
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug befor
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin