15 matches found

NVD
added 5 days ago · 7 views

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVSS 9.8 · EPSS 0.00079
Exploits: 0 · References: 1

EUVD
added 5 days ago · 7 views

EUVD-2026-33830

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVSS 9.8 · AI score 6.3 · EPSS 0.00079
Exploits: 0 · References: 1

CBLMariner
added 2026/05/30 12:34 a.m. · 7 views

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4. A patched version of the package is available...

CVSS 9.6 · AI score 5.8 · EPSS 0.0005
Exploits: 0

CBLMariner
added 2026/03/10 10:56 p.m. · 2 views

CVE-2025-11065 affecting package opa for versions less than 0.63.0-3

CVE-2025-11065 affecting package opa for versions less than 0.63.0-3. A patched version of the package is available...

CVSS 5.3 · AI score 5.8 · EPSS 0.00009
Exploits: 0

CBLMariner
added 2026/03/09 2:32 p.m. · 1 view

CVE-2025-11065 affecting package opa for versions less than 0.63.0-6

CVE-2025-11065 affecting package opa for versions less than 0.63.0-6. A patched version of the package is available...

CVSS 5.3 · AI score 5.8 · EPSS 0.00009
Exploits: 0

OSV
added 2026/01/26 8:16 p.m. · 1 view

AZL-75545 CVE-2025-11065 affecting package opa for versions less than 0.63.0-6

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

CVSS 5.3 · AI score 6.6 · EPSS 0.00009
Exploits: 0 · References: 1

NVD
added 2026/01/14 12:16 p.m. · 2 views

CVE-2025-66005

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

CVSS 8.5 · EPSS 0.00009
Exploits: 0 · References: 2

CVE
added 2026/01/14 11:53 a.m. · 21 views

CVE-2025-66005

InputPlumber’s InputManager D‑Bus interface lacks authorization in versions before v0.63.0, allowing local impact in the active user session: Denial‑of‑Service, information disclosure, or privilege escalation. Affected component: InputPlumber (InputManager D‑Bus). Root cause: missing authorizatio...

CVSS 8.5 · AI score 6.3 · EPSS 0.00009
Exploits: 0 · References: 2

CNNVD
added 2026/01/14 12:0 a.m. · 7 views

InputPlumber Security Vulnerability

InputPlumber is an open source input device routing daemon from ShadowBlip. A security vulnerability exists in InputPlumber versions prior to v0.63.0, which stems from a lack of authorization and could lead to a local denial of service, information disclosure, or elevation of privilege...

CVSS 8.5 · AI score 6.1 · EPSS 0.00009
Exploits: 0 · References: 2

OSV
added 2024/04/04 9:15 p.m. · 2 views

AZL-38941 CVE-2023-45288 affecting package opa for versions less than 0.63.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 · AI score 6.8 · EPSS 0.64852
Exploits: 1 · References: 1

OSV
added 2023/03/17 2:43 p.m. · 23 views

GHSA-9C6G-QPGJ-RVXW Streamlit publishes previously-patched Cross-site Scripting vulnerability

Synopsis: Streamlit open source publicizes a prior security fix implemented in 2021. The vulnerability affected Streamlit versions between 0.63.0 and 0.80.0 inclusive and was patched on April 21, 2021. If you are using Streamlit with version before 0.63.0 or after 0.80.0, no action is required. 1...

CVSS 6 · AI score 6 · EPSS 0.00702
Exploits: 0 · References: 5

PyPA
added 2023/03/16 9:15 p.m. · 4 views

PYSEC-2023-50

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

CVSS 6.1 · AI score 5.5 · EPSS 0.00702
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/03/16 8:29 p.m. · 66 views

CVE-2023-27494

CVE-2023-27494 describes a reflected XSS in Streamlit open-source library for hosted apps, affecting versions 0.63.0–0.80.0. The vulnerability allowed an attacker to craft a malicious URL containing JavaScript payloads, which the server could render unescaped, enabling XSS. The issue was addresse...

CVSS 6.1 · AI score 5.7 · EPSS 0.00702
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/03/16 8:29 p.m. · 13 views

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

CVSS 5.9 · AI score 5.7 · EPSS 0.00702
Exploits: 0 · References: 4

Positive Technologies
added 2023/03/16 12:0 a.m. · 4 views

PT-2023-21169 · Streamlit · Streamlit

Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0 Description: The issue is a cross-site scripting XSS vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app,...

CVSS 6.1 · AI score 5.9 · EPSS 0.00702
Exploits: 0 · References: 9