Browse all 4 CVE security advisories affecting web2py. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Web2py is a full-stack Python framework primarily used for rapid web application development and deployment. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While no major security incidents have been widely documented, the framework has accumulated four CVEs over time, highlighting areas requiring careful implementation. Its built-in security features, including automatic CSRF protection and secure session handling, provide a baseline defense, but developers must remain vigilant about configuration hardening and timely updates to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25198 | web2py 输入验证错误漏洞 — web2pyCWE-601 | 6.1AI | MediumAI | 2026-02-05 |
| CVE-2023-45158 | web2py 操作系统命令注入漏洞 — web2py | 9.8 | - | 2023-10-16 |
| CVE-2023-22432 | web2py 输入验证错误漏洞 — web2py | 6.1 | - | 2023-03-05 |
| CVE-2022-33146 | web2py 输入验证错误漏洞 — web2py | 6.1 | - | 2022-06-27 |
This page lists every published CVE security advisory associated with web2py. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.