Is flask_cors safe to use?

flask_cors has 6 known vulnerabilities on the latest version (4.0.0). DepScope rates its health at 35/100 (critical risk).

What is the latest version of flask_cors?

The latest version of flask_cors is 4.0.0, released 2025-04-22.

Does flask_cors have known vulnerabilities?

Yes. flask_cors has 6 known vulnerabilities. See depscope.dev/pkg/conda/flask_cors for details.

Is flask_cors deprecated?

No, flask_cors is actively maintained. Latest release: 4.0.0 (2025-04-22).

What are alternatives to flask_cors?

DepScope has no curated alternatives for flask_cors at this time.

What license does flask_cors use?

flask_cors is licensed under MIT.

flask_cors

condav4.0.0

Cross Origin Resource Sharing ( CORS ) support for Flask

License MITpermissive4 versions1 maintainers0 deps4,051 weekly dl

corydolphin/flask-cors

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 4.0.2 to fix known vulnerabilities

Low health score (35/100)
2 high severity vulnerabilities

Health breakdown0 – 100

5/25

maintenance

6/20

popularity

7/25

security

12/15

maturity

5/15

community

Vulnerabilities

2 high4 medium

Advisories (6)

Severity	ID	Summary	Fixed in
medium	CVE-2024-6866	Flask-CORS vulnerable to Improper Handling of Case Sensitivity	6.0.0
medium	CVE-2024-6839	Flask-CORS improper regex path matching vulnerability	6.0.0
medium	CVE-2024-1681	flask-cors vulnerable to log injection when the log level is set to debug	4.0.1
medium	CVE-2024-6844	Flask-CORS allows for inconsistent CORS matching	6.0.0
high	CVE-2024-6221	Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default	4.0.2
high	CVE-2024-6221	A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.	4.0.2

OSS Scorecard

OpenSSF security posture score

3.3/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

4

Primary author dominance

50%

GitHub stars

933

single active maintainer 3m

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/flask_cors

First published · 2020-08-31 03:02:26.432000+00:00

Last updated · 2025-04-22 14:57:19.339000+00:00

Severity

Summary

Fixed in

medium

CVE-2024-6866

Flask-CORS vulnerable to Improper Handling of Case Sensitivity

6.0.0

medium

CVE-2024-6839

Flask-CORS improper regex path matching vulnerability

6.0.0

medium

CVE-2024-1681

flask-cors vulnerable to log injection when the log level is set to debug

4.0.1

medium

CVE-2024-6844

Flask-CORS allows for inconsistent CORS matching

6.0.0

high

CVE-2024-6221

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

4.0.2

high

CVE-2024-6221

A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

4.0.2