| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2016-10321 |
critical |
9.8 |
9.8 |
9y ago |
web2py is vulnerable to password brute-force attack |
|
| CVE-2016-4808 |
high |
8.8 |
8.8 |
10y ago |
Web2py Cross-Site Request Forgery vulnerability |
|
| CVE-2016-4807 |
medium |
4.8 |
4.8 |
10y ago |
Web2py Reflected XSS vulnerability |
|
| CVE-2026-25198 |
unknown |
— |
— |
4mo ago |
web2py has an Open Redirect Vulnerability |
|
| CVE-2023-22432 |
unknown |
— |
— |
3y ago |
Open redirect in web2py |
|
| CVE-2022-33146 |
unknown |
— |
— |
4y ago |
Open redirect in web2py |
|
| CVE-2016-3954 |
unknown |
— |
— |
4y ago |
web2py exposure of sensitive information |
|
| CVE-2016-3953 |
unknown |
— |
— |
4y ago |
web2py remote code execution via hardcoded encryption key in session.connect function |
|