DepKeep

OSS Support Hub / Web Framework

Python Web Framework BSD-3-Clause Latest: 3.1.3

Flask

A lightweight WSGI web application framework for Python

PyPIGitHub
Health Metrics

Project Health at a Glance

Live data from GitHub and PyPI, updated daily.

โญ
71.5K+5
GitHub Stars
๐Ÿ“ฆ
3.1.3
Latest Release ยท 2 months ago
๐Ÿ”„
114d
Avg. Release Cadence
๐Ÿ›
3
Open Issues
๐Ÿ“…
2 days ago
Last Commit
๐Ÿ”’
8
Active CVEs

Data last fetched: 2026-05-15

Security

Known Vulnerabilities

8 active CVEs reported via OSV.dev

GHSA-4grg-w6v8-c28g CVSS_V4

Flask uses fallback key instead of current signing key

Published: 2025-05-13 Fixed in: 3.1.1
GHSA-562c-5r94-xh97 CVSS_V3

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

Published: 2018-08-23 Fixed in: 0.12.3
GHSA-5wv5-4vpf-pj6m CVSS_V3

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

Published: 2019-07-19 Fixed in: 1.0
GHSA-68rp-wp8r-4726 CVSS_V4

Flask session does not add `Vary: Cookie` header when accessed in some ways

Published: 2026-02-19 Fixed in: 3.1.3
GHSA-m2qf-hxjv-5gpq CVSS_V3

Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header

Published: 2023-05-01 Fixed in: 2.3.2
PYSEC-2018-66 Unknown

Published: 2018-08-20 Fixed in: 0.12.3
PYSEC-2019-179 Unknown

Published: 2019-07-17 Fixed in: 1.0
PYSEC-2023-62 Unknown

Published: 2023-05-02 Fixed in: 70f906c51ce49c485f1d355703e9cc3386b1cc2b
Ecosystem

Alternatives to Flask

Other Web Framework projects in the Python ecosystem worth evaluating.

django โ†’ fastapi โ†’ tornado โ†’
Get Help

Support Options for Flask

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Flask โ€” without relying on volunteer maintainers.

Talk to an Expert โ†’

Community Channels

GitHub Discussions โ†’Stack Overflow โ†’