Indexed, Verified
Python Web Security
Django, Flask, and FastAPI SAST rules aggregated across verified providers.
Fetch pack
greprules pack fetch python-web-security --engine opengrep
curl https://api.greprules.io/api/packs/python-web-security.tar.gz -o python-web-security.tar.gz
Included rules
CVE-2024-23826: Python Secure Filename Dos Missing Length Check
cve-2024-23826-python-secure-filename-dos-missing-length-check
CVE-2026-24136: Django Missing File Upload Validation
cve-2026-24136-django-missing-file-upload-validation
CVE-2026-44796: Django Python Re Redos
cve-2026-44796-django-python-re-redos
CVE-2020-36962: Tendenci Unicodewriter Csv Formula Injection
cve-2020-36962-tendenci-unicodewriter-csv-formula-injection
CVE-2020-37002: Ajenti Totp Stage Without Stage1 Binding
cve-2020-37002-ajenti-totp-stage-without-stage1-binding
CVE-2024-48061: Langflow Validate Code Endpoint Without Auth
cve-2024-48061-langflow-validate-code-endpoint-without-auth
CVE-2024-51378: Cyberpanel Preauth Cmdinjection Via Request Body
cve-2024-51378-cyberpanel-preauth-cmdinjection-via-request-body
CVE-2025-1066: Python Flask Upload Saved To Static Without Validation
cve-2025-1066-python-flask-upload-saved-to-static-without-validation
CVE-2025-23212: Unvalidated Listdir To Db
cve-2025-23212-unvalidated-listdir-to-db
CVE-2025-2945: Python Eval On Non Literal Rce
cve-2025-2945-python-eval-on-non-literal-rce
CVE-2025-3248: Langflow Validate Code Endpoint Missing Auth
cve-2025-3248-langflow-validate-code-endpoint-missing-auth
CVE-2025-43863: Change Password Bruteforce No Rate Limit
cve-2025-43863-change-password-bruteforce-no-rate-limit
CVE-2025-48383: Django Widget Shared Token Init
cve-2025-48383-django-widget-shared-token-init
CVE-2025-53528: Fastapi Openapi Xss From Request
cve-2025-53528-fastapi-openapi-xss-from-request
CVE-2025-64725: Weblate Invitation Post Missing Recipient Validation
cve-2025-64725-weblate-invitation-post-missing-recipient-validation
CVE-2025-69201: Pydantic Unvalidated Command List Field
cve-2025-69201-pydantic-unvalidated-command-list-field
CVE-2026-10042: Insecure Fastapi Pickle Deserialization
cve-2026-10042-insecure-fastapi-pickle-deserialization
CVE-2026-23846: Python Sensitive Query Param
cve-2026-23846-python-sensitive-query-param
CVE-2026-25873: Python Pickle Loads On Http Request Body
cve-2026-25873-python-pickle-loads-on-http-request-body
CVE-2026-33017: Langflow Public Build Rce Via Data Param
cve-2026-33017-langflow-public-build-rce-via-data-param
CVE-2026-33057: Python Flask Request Code Execution
cve-2026-33057-python-flask-request-code-execution
CVE-2026-33076: Python Path Traversal Fstring Host Param Unvalidated
cve-2026-33076-python-path-traversal-fstring-host-param-unvalidated
CVE-2026-33212: Celery Task Pending State Missing Authorization
cve-2026-33212-celery-task-pending-state-missing-authorization
CVE-2026-40525: Python Auth Fail Open Empty Api Key
cve-2026-40525-python-auth-fail-open-empty-api-key
CVE-2026-42196: Python Pureposixpath Traversal Without Clean Name
cve-2026-42196-python-pureposixpath-traversal-without-clean-name
CVE-2026-42864: Drf Allowany On Serializer Bound View
cve-2026-42864-drf-allowany-on-serializer-bound-view
CVE-2026-45315: Fastapi Fileresponse Path Route Missing Protection Headers
cve-2026-45315-fastapi-fileresponse-path-route-missing-protection-headers
CVE-2026-45365: Fastapi Internal Auth Bypass Flag As Query Param
cve-2026-45365-fastapi-internal-auth-bypass-flag-as-query-param