Palletsprojects Security Vulnerabilities (CVE)
Explore vulnerabilities and security advisories affecting Palletsprojects products.
2 known CVE vulnerabilities tracked
Critical: 0
High: 2
Medium: 0
Low: 0
None: 0
All Palletsprojects CVEs
CVE-2026-7246
7.2
high
Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
Click
Apr 30, 2026
CVE-2023-46136
8.0
high
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by c
Werkzeug
Oct 25, 2023