Werkzeug vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-27199Mediumwerkzeug: Werkzeug safe_join() allows Windows special device namesCVE-2026-21860MediumWerkzeug: Werkzeug safe_join() allows Windows special device names with compound extensionsCVE-2025-66221Mediumwerkzeug: Werkzeug safe_join() allows Windows special device namesCVE-2024-49767MediumQuart: Werkzeug possible resource exhaustion when parsing file data in formsCVE-2024-49766MediumWerkzeug: Werkzeug safe_join not safe on WindowsCVE-2024-34069HighWerkzeug: Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domainCVE-2023-46136Mediumwerkzeug: Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginningCVE-2023-23934LowWerkzeug: Incorrect parsing of nameless cookies leads to __Host- cookies bypassCVE-2023-25577HighWerkzeug: High resource usage when parsing multipart form data with many fieldsCVE-2019-14322Highwerkzeug: Pallets Werkzeug vulnerable to Path TraversalCVE-2016-10516MediumWerkzeug: Pallets Werkzeug cross-site scripting vulnerabilityCVE-2020-28724Mediumwerkzeug: Open Redirect in werkzeugCVE-2019-14806Highwerkzeug: Pallets Werkzeug Insufficient Entropy

Stop the waste.
Protect your environment with Kodem.