CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dpgaspar: >> Flask-Appbuilder >> 4.2.1 Security Vulnerabilities

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

CVSS Score

3.7

EPSS Score

0.001

Published

2025-03-03

CVE-2023-29005

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.

CVSS Score

7.5

EPSS Score

0.002

Published

2023-04-10

Page 1

Vulnerabilities

Vulnerable Software

Dpgaspar: >> Flask-Appbuilder >> 4.2.1 Security Vulnerabilities

Products

Pricing

Contact Us