219 matches found
Directory Traversal
NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.addmediafiles function, which allows an attacker to access and read arbitrary files from the server filesystem...
Cross Site Scripting (XSS)
NiceGUI is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the ui.interactiveimage component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...
Exploit for CVE-2025-66470
NiceGUI XSS Scanner - CVE-2025-66470 !Pythonhttps://img.sh...
CVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66470
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...
CVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645
CVE-2025-66645 - NiceGUI Directory Traversal : Plenty of connected sources confirm a vulnerability in NiceGUI (
EUVD-2025-201931
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +237 more potentially affected by CVE-2025-66645 via nicegui (>=0.9.11 <=3.3.1)
nicegui PYPI version =0.9.11, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2025-66645 Source advisory: OSV:GHSA-HXP3-63HC-5366...
Directory Traversal
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Directory Traversal via the addmediafiles function. An attacker can read arbitrary files on the server filesystem. Details A Directory Traversal attack also known ...
GHSA-HXP3-63HC-5366 NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
Summary A directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. Details Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
Summary A directory traversal vulnerability in NiceGUI's App.addmediafiles allows a remote attacker to read arbitrary files on the server filesystem. Details Hello, I am Seungbin Yang, a university student studying cybersecurity. While reviewing the source code of the repository, I discovered a...
acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +186 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)
nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 - boaboard =0.1.0 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...
CVE-2025-66470
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...
CVE-2025-66470
CVE-2025-66470 affects NiceGUI <= 3.3.1 via the ui.interactive_image component, which renders SVG content with Vue v-html without sanitization. This can lead to stored/reflected XSS through the SVG tag when images are rendered or updated. The issue is fixed in NiceGUI 3.4.0; remediation is to...