Python Web Framework · BSD-3-Clause · Latest: 3.1.3

Flask

A lightweight WSGI web application framework for Python

Project Health at a Glance

Live data from GitHub and PyPI, updated daily.

GitHub Stars: 71.6K (+106)
Latest Release: 3.1.3 (3 months ago)
Avg. Release Cadence: 114d
Open Issues: 4
Last Commit: 10 days ago
Active CVEs: 8

Data last fetched: 2026-06-09

Known Vulnerabilities

8 active CVEs reported via OSV.dev

Flask uses fallback key instead of current signing key

Published: 2025-05-13 Fixed in: 3.1.1

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

Published: 2018-08-23 Fixed in: 0.12.3

Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage

Published: 2019-07-19 Fixed in: 1.0

Flask session does not add `Vary: Cookie` header when accessed in some ways

Published: 2026-02-19 Fixed in: 3.1.3

Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header

Published: 2023-05-01 Fixed in: 2.3.2

PYSEC-2018-66 Unknown

Published: 2018-08-20 Fixed in: 0.12.3

PYSEC-2019-179 Unknown

Published: 2019-07-17 Fixed in: 1.0

PYSEC-2023-62 Unknown

Published: 2023-05-02 Fixed in: 70f906c51ce49c485f1d355703e9cc3386b1cc2b

Support Options for Flask

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Flask — without relying on volunteer maintainers.