168 matches found
CVE-2024-41117
streamlit-geospatial is a Streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...
CVE-2024-41113
streamlit-geospatial is a Streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 383 or line 390 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 395, leading to remote...
EUVD-2024-0164
Malicious code in bioql PyPI...
EUVD-2024-38931
Malicious code in bioql PyPI...
EUVD-2024-38937
Malicious code in bioql PyPI...
EUVD-2023-0247
Malicious code in bioql PyPI...
EUVD-2024-38933
Malicious code in bioql PyPI...
EUVD-2024-38932
Malicious code in bioql PyPI...
EUVD-2024-38938
Malicious code in bioql PyPI...
EUVD-2024-38934
Malicious code in bioql PyPI...
EUVD-2022-0282
Malicious code in bioql PyPI...
EUVD-2024-38939
Malicious code in bioql PyPI...
EUVD-2024-38935
Malicious code in bioql PyPI...
EUVD-2024-38936
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: streamlit-shortcuts is a Streamlit keyboard shortcuts package for your buttons. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addshortcuts function, which fails to properly escape special characters when injecting JavaScript code into the DOM. Details...
graph-rag-poc
Graph RAG Pipeline - Proof of Concept A locally-executable Gr...
Malicious code in figma-to-streamlit (npm)
The package figma-to-streamlit was found to contain malicious code...
MAL-2025-20521 Malicious code in figma-to-streamlit (npm)
The package figma-to-streamlit was found to contain malicious code...
CVE-2024-42474
Streamlit is a data-oriented application development framework for Python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit apps on Windows were vulnerable to a path traversal vulnerability when the static file shari...
CVE-2023-27494
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with JavaScript payloads to ...