Security

Report a vulnerability

.github/SECURITY.md

Security Policy

Reporting Vulnerabilities

⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️

If you have any concern or believe you have found a vulnerability in Flask-AppBuilder, please get in touch privately at e-mail address [email protected].

We kindly ask you to include the following information in your report:

Output from pip freeze
Detailed steps to reproduce the vulnerability

Login form allows browser to cache sensitive fields
GHSA-fw5r-6m3x-rh7p published Sep 4, 2024 by dpgaspar

Low
OAuth login page subject to Cross Site Scripting (XSS)
GHSA-fqxj-46wg-9v84 published Feb 28, 2024 by dpgaspar

Moderate
Incorrect authentication when using auth type OpenID
GHSA-j2pw-vp55-fqqj published Feb 28, 2024 by dpgaspar

Moderate
Possible disclosure of sensitive information on user error
GHSA-jhpr-j7cq-3jp3 published Jun 22, 2023 by dpgaspar

Low
No Rate Limiting on Login AUTH DB
GHSA-9hcr-9hcv-x6pv published Apr 10, 2023 by dpgaspar

Low
Possible to infer sensitive information through query strings
GHSA-32ff-4g79-vgfc published Jul 28, 2022 by dpgaspar

Moderate
Possible URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder
GHSA-2ccw-7px8-vmpf published Mar 24, 2022 by dpgaspar

Low
Observable Response Discrepancy in Flask-AppBuilder
GHSA-wfjw-w6pv-8p7f published Jan 31, 2022 by dpgaspar

Moderate
Improper Authentication in Flask-AppBuilder
GHSA-m3rf-7m4w-r66q published Dec 9, 2021 by dpgaspar

High
URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder
GHSA-624f-cqvr-3qw4 published Sep 8, 2021 by dpgaspar

Low

Learn more about advisories related to dpgaspar/Flask-AppBuilder in the GitHub Advisory Database