36 matches found
Dash-Uploader 0.7.0a2 Path Traversal
There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to, but not limited to, remote code execution, application source code overwrite, stored cross-site scripting, and persistent backdoor installation. CVE-2026-38360: Path...
RSEC-2025-1 Risk of __proto__ pollution Vulnerability
The plotly R package up through the latest 4.11.0 includes plotly.js library 2.11.1. Plotly.js releases prior to version 2.25.2 have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
EUVD-2015-9187
Malware in sbrugna...
EUVD-2015-5439
Malware in sbrugna...
jupyter-plotly-6.1.2-1.1 on GA media (moderate)
jupyter-plotly-6.1.2-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15278-1. Rating: moderate. Cross-References: CVE-2025-5889. CVSS scores: CVE-2025-5889 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L; CVE-2025-5889 (SUSE): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
OPENSUSE-SU-2025:15278-1 jupyter-plotly-6.1.2-1.1 on GA media
These are all security issues fixed in the jupyter-plotly-6.1.2-1.1 package on the GA media of openSUSE Tumbleweed...
MAL-2025-5320 Malicious code in natel-plotly-panel (npm)
The package contains suspicious preinstall, preupdate, and test scripts in package.json that download and execute code from a remote server, oastify.com. This allows for arbitrary code execution and exfiltration of sensitive information (username, path, hostname) during installation, update, and...
Malicious code in natel-plotly-panel (npm)
The package contains suspicious preinstall, preupdate, and test scripts in package.json that download and execute code from a remote server, oastify.com. This allows for arbitrary code execution and exfiltration of sensitive information (username, path, hostname) during installation, update, and...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
CVE-2015-9347
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors...
OPENSUSE-SU-2024:14007-1 jupyter-plotly-5.22.0-1.1 on GA media
These are all security issues fixed in the jupyter-plotly-5.22.0-1.1 package on the GA media of openSUSE Tumbleweed...
Dash Cross-Site Scripting Vulnerability
plotly Dash is a data application and dashboard for Python by plotly. Dash suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could steal data...
GHSA-WJC4-73Q6-GV3M plotly.js prototype pollution vulnerability
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
Code injection
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty...
CVE-2023-46308
CVE-2023-46308 affects the Plotly library plotly.js prior to 2.25.2. The issue is a prototype pollution flaw in the plot API calls (expandObjectPaths/nestedProperty) that could lead to remote code execution or denial of service. Public references indicate the fix is in plotly.js v2.25.2 and later...
CVE-2015-5484
Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post...