Is flask-user safe to use?

flask-user has 2 known vulnerabilities on the latest version (1.0.2.2). DepScope rates its health at 42/100 (high risk).

What is the latest version of flask-user?

The latest version of flask-user is 1.0.2.2, released 2025-04-22.

Yes. flask-user has 2 known vulnerabilities. See depscope.dev/pkg/conda/flask-user for details.

No, flask-user is actively maintained. Latest release: 1.0.2.2 (2025-04-22).

DepScope has no curated alternatives for flask-user at this time.

flask-user is licensed under BSD-2-Clause.

condav1.0.2.2

Customizable User Account Management for Flask: Register, Confirm email, Login, Change username, Change password, Forgot password and more.

License BSD-2-Clausepermissive9 versions1 maintainers0 deps700 weekly dl

/ 100

Health

safe to use

[email protected] is safe to use (health: 42/100)

Health breakdown0 – 100

5/25

maintenance

3/20

popularity

23/25

security

9/15

maturity

2/15

community

Vulnerabilities

1 medium1 low

Advisories (2)

Severity	ID	Summary	Fixed in
medium	CVE-2021-23401	Open Redirect in Flask-User	—
unknown	CVE-2021-23401	This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.	—

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/flask-user

First published · 2021-05-30 20:48:29.333000+00:00

Last updated · 2025-04-22 14:56:27.652000+00:00