intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2026-35052 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5 Source cves: CVE-2026-35052 Source advisory: OSV:GHSA-436G-FHFC-9G5W...

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2026-35052 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: - nexus-corr-discovery =0.0.1.post2 Source cves: CVE-2026-35052 Source advisory: SNYK:PYTHON-DTALE-15912439...

PT-2026-30017

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.22.0 Description D-Tale, comprising a Flask back-end and a React front-end for viewing and analyzing Pandas data structures, had a remote code execution issue. Hosting D-Tale publicly with a redis or shelf storage...

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

intelligenzaartificiale (>=0.0.0.35 <=0.0.0.38), nexus-corr-discovery (=0.0.1.post2) +1 more potentially affected by CVE-2026-27194 via dtale (>=2.16.0 <=3.12.0)

dtale PYPI version =2.16.0, =0.0.0.35, =0.1.0, =0.1.5 Source cves: CVE-2026-27194 Source advisory: OSV:GHSA-C87C-78RC-VMV2...

Arbitrary Code Injection

Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to the improper validation of input to pandas' DataFrame.query used to construct Column filters. An attacker can...

nexus-corr-discovery (=0.0.1.post2) potentially affected by CVE-2026-27194 via dtale (=3.12.0)

dtale PYPI version =3.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on dtale and may be impacted: - nexus-corr-discovery =0.0.1.post2 Source cves: CVE-2026-27194 Source advisory: SNYK:PYTHON-DTALE-15324282...

PT-2026-21349

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.20.0 Description D-Tale, a visualizer for pandas data structures, has an issue allowing for Remote Code Execution. This is due to a flaw in the /save-column-filter API endpoint. Publicly hosted instances of D-Tale ar...

The vulnerability of the dtale library, related to the use of strictly encrypted credentials during the processing of the SECRET_KEY parameter, allows a hacker to bypass existing security restrictions and execute arbitrary code on the server.

The vulnerability of the dtale library lies in the use of strictly encrypted user credentials during the processing of the SECRETKEY parameter. Exploiting this vulnerability allows an attacker to bypass existing security restrictions and execute arbitrary code on the server...

CVE-2025-0655

A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the enablecustomfilters feature, which is typically restricted to trusted environments. Once enabled, the attacker can exploit the /test-filter endpoint to execute arbitrary system...

CVE-2024-9016

man-group dtale version = 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the runquery function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'pytho...

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2025-0655

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-55890. Notes: All CVE users should reference CVE-2024-55890 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2024-9016

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

CVE-2025-0655

...

CVE-2025-0655

CVE-2025-0655 is a duplicate of CVE-2024-55890. Connected sources describe a D-Tale (dtale) RCE affecting dtale versions around 3.15.1 where an attacker can override global state to enable enable_custom_filters, then abuse the /test-filter endpoint to execute arbitrary commands, with the fix in 3...

CVE-2025-0655

...

CVE-2024-9016

CVE-2024-9016 affects D-Tale (Man Group) for Pandas data structures, where versions

CVE-2024-9016

...

CVE-2024-9016

...