Lucene search

19 matches found

vulnersOsv
added 2026/04/03 3:44 a.m., 1 view

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2026-35052 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5. Source CVEs: CVE-2026-35052. Source advisory: OSV:GHSA-436G-FHFC-9G5W...

CVSS 9.8, AI score 5.8, EPSS 0.00622
Exploits: 0

RedhatCVE
added 2026/02/23 1:30 p.m., 6 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.8, AI score 6.5, EPSS 0.00712
Exploits: 0, References: 1

vulnersOsv
added 2026/02/19 8:29 p.m., 3 views

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2026-27194 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: nexus-corr-discovery =0.0.1.post2. Source CVEs: CVE-2026-27194. Source advisory: SNYK:PYTHON-DTALE-15324282...

CVSS 9.8, AI score 5.8, EPSS 0.00712
Exploits: 0

Positive Technologies
added 2026/02/19 12:0 a.m., 9 views

PT-2026-21349

Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.20.0. Description: D-Tale, a visualizer for pandas data structures, has an issue allowing for Remote Code Execution. This is due to a flaw in the /save-column-filter API endpoint. Publicly hosted instances of D-Tale ar...

CVSS 9.8, AI score 5.7, EPSS 0.00712
Exploits: 0, References: 10

RedhatCVE
added 2025/03/22 12:40 p.m., 7 views

CVE-2025-0655

A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the enable_custom_filters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system...

AI score 8
Exploits: 4, References: 4

RedhatCVE
added 2025/03/22 11:47 a.m., 7 views

CVE-2024-9016

man-group dtale version = 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the run_query function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'pytho...

AI score 7.4
Exploits: 0, References: 3

NVD
added 2025/03/20 10:15 a.m., 16 views

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

Exploits: 4

OSV
added 2025/03/20 10:15 a.m., 11 views

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

AI score 9.4
Exploits: 0

Cvelist
added 2025/03/20 10:11 a.m., 10 views

CVE-2025-0655

...

Exploits: 4

vulnersOsv
added 2024/12/13 8:36 p.m., 2 views

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2024-55890 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5. Source CVEs: CVE-2024-55890. Source advisory: OSV:GHSA-832W-FHMW-W4F4...

CVSS 6.9, AI score 5.8, EPSS 0.01063
Exploits: 0

vulnersOsv
added 2024/12/13 8:36 p.m., 2 views

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2024-55890 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: nexus-corr-discovery =0.0.1.post2. Source CVEs: CVE-2024-55890. Source advisory: SNYK:PYTHON-DTALE-8515878...

CVSS 6.9, AI score 5.8, EPSS 0.01063
Exploits: 0

Veracode
added 2024/09/25 5:8 a.m., 6 views

Remote Code Execution

dtale is vulnerable to Remote Code Execution (RCE) via the run_query function. The vulnerability is due to improper sanitization of the query parameter. An attacker can execute arbitrary code on the server by sending malicious input...

CVSS 9.8, AI score 8.1, EPSS 0.01328
Exploits: 1, References: 6, Affected Software: 1

vulnersOsv
added 2024/09/16 2:37 p.m., 8 views

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2024-8862 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5. Source CVEs: CVE-2024-8862. Source advisory: OSV:GHSA-FG5M-M723-7MV6...

CVSS 9.8, AI score 7, EPSS 0.01328
Exploits: 1

vulnersOsv
added 2024/09/10 7:42 p.m., 17 views

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2024-45595 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5. Source CVEs: CVE-2024-45595. Source advisory: OSV:GHSA-PW44-4H99-WQFF...

CVSS 9.8, AI score 5.8, EPSS 0.00741
Exploits: 0

OSV
added 2024/06/06 9:30 p.m., 13 views

GHSA-V9Q6-FM48-RX74 Authentication bypass in dtale

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8, AI score 9.9, EPSS 0.77951
Exploits: 5, References: 5

PyPA
added 2024/06/06 7:16 p.m., 5 views

PYSEC-2024-117

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...

CVSS 9.8, AI score 8.9, EPSS 0.77951
Exploits: 5, References: 4, Affected Software: 1

vulnersOsv
added 2024/06/06 7:16 p.m., 0 views

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2024-3408 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: nexus-corr-discovery =0.0.1.post2. Source CVEs: CVE-2024-3408. Source advisory: OSV:PYSEC-2024-117...

CVSS 9.8, AI score 7.2, EPSS 0.77951
Exploits: 5

vulnersOsv
added 2024/01/05 9:21 p.m., 3 views

airi-test-task (=0.1.0), dtaledesktop (>=0.0.1 <=0.1.3) +13 more potentially affected by CVE-2024-21642 via dtale (>=2.16.0 <=3.22.0)

dtale PYPI version =2.16.0, =0.0.1, =0.1.0, =0.0.0.35, =0.1.1, =0.0.14, =0.0.5, =0.0.10, =1.0.0, =0.3.3, =0.1.0, =0.1.5. Source CVEs: CVE-2024-21642. Source advisory: OSV:GHSA-7HFX-H3J3-RWQ4...

CVSS 7.5, AI score 7.1, EPSS 0.00711
Exploits: 0

vulnersOsv
added 2023/10/25 2:20 p.m., 5 views

airi-test-task (=0.1.0), dtaledesktop (>=0.0.1 <=0.1.3) +13 more potentially affected by CVE-2023-46134 via dtale (>=2.16.0 <=3.22.0)

dtale PYPI version =2.16.0, =0.0.1, =0.1.0, =0.0.0.35, =0.1.1, =0.0.14, =0.0.5, =0.0.10, =1.0.0, =0.3.3, =0.1.0, =0.1.5. Source CVEs: CVE-2023-46134. Source advisory: OSV:GHSA-JQ6C-R9XF-QXJM...

CVSS 9.8, AI score 7.2, EPSS 0.00756
Exploits: 0