Flask

Security rules for Flask web framework

1
Security Rules

Run All Flask Rules

pathfinder scan --ruleset cpf/python/flask

Rules

Flask Debug Mode Enabled

HIGH

Flask debug mode enabled. Never use debug=True in production. Use a production WSGI server like Gunicorn.

pythonflaskdebug-modeconfigurationinformation-disclosureowasp-a05cwe-489productionwerkzeugsecuritymisconfiguration
CWE-489
CVE-2015-5306
Updated 2026-01-17
Back to Python CategoriesAll Languages →