3 matches found
acherion (>=0.2.0 <=0.9.2), aesp (=2025.9.12) +243 more potentially affected by CVE-2026-21872 via nicegui (>=2.22.2 <=3.3.1)
nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.0, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21872 Source advisory: SNYK:PYTHON-NICEGUI-14912452...
acherion (>=0.2.0 <=0.9.2), aesp (=2025.9.12) +243 more potentially affected by CVE-2026-21872 via nicegui (>=2.22.2 <=3.3.1)
nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.0, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21872 Source advisory: OSV:GHSA-M7J5-RQ9J-6JJ9...
CVE-2026-21872
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...