13 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. · 1 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

CVSS 9.8 · AI score 6.5 · EPSS 0.00124
Exploits 0 · References 1
NVD
added 2026/02/21 5:17 a.m. · 3 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.8 · EPSS 0.00148
Exploits 0 · References 2
OSV
added 2026/02/19 8:29 p.m. · 3 views

GHSA-C87C-78RC-VMV2 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

Impact: Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches: Users should upgrade to version 3.20.0. Workarounds: There are no workarounds for versions 3.20.0...

CVSS 9.3 · AI score 6.5 · EPSS 0.00148
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-0283

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00407
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 7:41 a.m. · 4 views

CVE-2024-55890

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

CVSS 6.9 · AI score 7.6 · EPSS 0.06586
Exploits 0 · References 1
OSV
added 2025/03/20 12:32 p.m. · 8 views

GHSA-GJXM-X497-4H6H Duplicate Advisory: D-Tale Command Injection vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description: A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...

CVSS 9.8 · AI score 9.6
Exploits 4 · References 4
Github Security Blog
added 2025/03/20 12:32 p.m. · 11 views

Duplicate Advisory: D-Tale Command Injection vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description: A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...

AI score 9.6
Exploits 4 · References 4 · Affected Software 1
Packet Storm
added 2025/03/07 12:0 a.m. · 621 views

D Tale 3.10.0 Remote Command Execution

D Tale version 3.10.0 proof of concept remote command execution exploit. Title: D Tale v3.10.0 PHP code execution vulnerability. Author: indoushka...

CVSS 9.8 · AI score 7.7 · EPSS 0.91737
Exploits 5
Veracode
added 2024/12/16 6:6 a.m. · 8 views

Remote Code Execution (RCE)

D-Tale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the ability for users to update the enable_custom_filters flag through the update-settings endpoint, allowing attackers to run malicious code on the server...

CVSS 6.9 · AI score 7.6 · EPSS 0.06586
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/12/13 6:15 p.m. · 12 views

CVE-2024-55890

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

CVSS 6.9 · EPSS 0.06586
Exploits 0 · References 3
Vulnrichment
added 2024/12/13 6:0 p.m. · 17 views

CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input

D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...

CVSS 6.9 · AI score 7.7 · EPSS 0.06586
Exploits 0 · References 3
CNNVD
added 2024/06/06 12:0 a.m. · 4 views

D-Tale Input Validation Error Vulnerability

Man Group D-Tale is a pandas data structure visualization tool from Man Group, Inc. An input validation error vulnerability exists in D-Tale, which stems from a hard-coded SECRET_KEY in the Flask configuration, which allows an attacker to forge a session cookie if authentication is enabled...

CVSS 9.8 · AI score 7 · EPSS 0.91737
Exploits 5 · References 2
Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-29867 · D-Tale · D-Tale

Name of the Vulnerable Software and Affected Versions: D-Tale versions prior to 3.7.0. Description: The issue allows remote code execution, enabling attackers to run malicious code on the server. This is particularly concerning for users hosting D-Tale publicly. The estimated number of potentially...

CVSS 9.8 · AI score 9.6 · EPSS 0.02181
Exploits 0 · References 7