{"package":"flask-user","ecosystem":"conda","latest_version":"1.0.2.2","description":"Customizable User Account Management for Flask: Register, Confirm email, Login, Change username, Change password, Forgot password and more.","license":"BSD-2-Clause","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://github.com/lingthio/Flask-User","repository":"http://github.com/lingthio/Flask-User","downloads_weekly":701,"health":{"score":42,"risk":"high","breakdown":{"maintenance":0,"popularity":3,"security":23,"maturity":9,"community":7},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2021-23401","severity":"medium","summary":"Open Redirect in Flask-User","affected_versions":"<=1.0.2.2|=0.3|=0.3.1|=0.3.2|=0.3.3|=0.3.4|=0.3.5|=0.3.6|=0.3.7|=0.3.8|=0.4.0|=0.4.1|=0.4.2|=0.4.3|=0.4.4|=0.4.5|=0.4.6|=0.4.7|=0.4.8|=0.4.9|=0.5.0|=0.5.1|=0.5.2|=0.5.3|=0.5.4|=0.5.5|=0.6|=0.6.1|=0.6.10|=0.6.12|=0.6.13|=0.6.14|=0.6.15|=0.6.16|=0.6.17|=0.6.19|=0.6.2|=0.6.20|=0.6.21|=0.6.3|=0.6.4|=0.6.5|=0.6.6|=0.6.7|=0.6.8|=0.6.9|=1.0.1.1|=1.0.1.2|=1.0.1.3|=1.0.1.4|=1.0.1.5|=1.0.2.0|=1.0.2.1|=1.0.2.2","fixed_version":null,"source":"osv","published_at":"2021-08-09T20:44:32Z","in_kev":false,"epss_prob":0.00265,"epss_percentile":0.49946,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-23401","severity":"unknown","summary":"This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\\\\evil.com/path. 
This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.","affected_versions":"=0.3|=0.3.1|=0.3.2|=0.3.3|=0.3.4|=0.3.5|=0.3.6|=0.3.7|=0.3.8|=0.4.0|=0.4.1|=0.4.2|=0.4.3|=0.4.4|=0.4.5|=0.4.6|=0.4.7|=0.4.8|=0.4.9|=0.5.0|=0.5.1|=0.5.2|=0.5.3|=0.5.4|=0.5.5|=0.6|=0.6.1|=0.6.10|=0.6.12|=0.6.13|=0.6.14|=0.6.15|=0.6.16|=0.6.17|=0.6.19|=0.6.2|=0.6.20|=0.6.21|=0.6.3|=0.6.4|=0.6.5|=0.6.6|=0.6.7|=0.6.8|=0.6.9|=1.0.1.1|=1.0.1.2|=1.0.1.3|=1.0.1.4|=1.0.1.5|=1.0.2.0|=1.0.2.1|=1.0.2.2","fixed_version":null,"source":"osv","published_at":"2021-07-05T11:15:00Z","in_kev":false,"epss_prob":0.00265,"epss_percentile":0.49946,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.0.2.2","total_count":9,"recent":["0.6.8","0.6.11","0.6.20","1.0.1.1","1.0.1.2","1.0.1.3","1.0.1.4","1.0.1.5","1.0.2.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2021-05-30 20:48:29.333000+00:00","last_published":"2025-04-22 14:56:27.652000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":1075,"forks":298,"open_issues":125,"is_archived":false,"pushed_at":"2022-02-03T05:42:05Z","subscribers_count":39},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.0.2.2","version_hint":null,"summary":"flask-user@1.0.2.2 is safe to use (health: 42/100); caveat: this same record rates health risk as high and lists CVE-2021-23401 (open redirect) as affecting 1.0.2.2 with no fixed version, so review redirect handling before relying on this verdict"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":9,"first_release_age_days":1794,"last_release_days_ago":371,"avg_days_between_releases":224,"release_velocity":"stale"}}