40 matches found
CVE-2026-55810
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
CVE-2026-55810 Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...
DRUPAL-CONTRIB-2026-050
The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...
Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...
📄 Dash-Uploader 0.7.0a2 Path Traversal
There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...
RSEC-2025-1 Risk of __proto__ pollution Vulnerability
The plotly R package up through the latest 4.11.0 includes plotly.js library 2.11.1. Plotly.js releases prior to version 2.25.2 have a risk of proto being polluted in expandObjectPaths or nestedProperty...
EUVD-2015-9187
Malware in sbrugna...
EUVD-2015-5439
Malware in sbrugna...
jupyter-plotly-6.1.2-1.1 on GA media (moderate)
jupyter-plotly-6.1.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:15278-1 Rating: moderate Cross-References: CVE-2025-5889 CVSS scores: CVE-2025-5889 SUSE : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-5889 SUSE : 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
OPENSUSE-SU-2025:15278-1 jupyter-plotly-6.1.2-1.1 on GA media
These are all security issues fixed in the jupyter-plotly-6.1.2-1.1 package on the GA media of openSUSE Tumbleweed...
MAL-2025-5320 Malicious code in natel-plotly-panel (npm)
The package contains suspicious preinstall, preupdate, and test scripts in pakage.json that download and execute code from a remote server oastify.com. This allows for arbitrary code execution and exfiltration of sensitive information username, path, hostname during installation, update, and...
Malicious code in natel-plotly-panel (npm)
The package contains suspicious preinstall, preupdate, and test scripts in pakage.json that download and execute code from a remote server oastify.com. This allows for arbitrary code execution and exfiltration of sensitive information username, path, hostname during installation, update, and...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...
CVE-2015-9347
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors...
OPENSUSE-SU-2024:14007-1 jupyter-plotly-5.22.0-1.1 on GA media
These are all security issues fixed in the jupyter-plotly-5.22.0-1.1 package on the GA media of openSUSE Tumbleweed...
Dash Cross-Site Scripting Vulnerability
plotly Dash is a data application and dashboard for Python by plotly. Dash suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could steal data...
GHSA-WJC4-73Q6-GV3M plotly.js prototype pollution vulnerability
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...
CVE-2023-46308
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...
Code injection
In Plotly plotly.js before 2.25.2, plot API calls have a risk of proto being polluted in expandObjectPaths or nestedProperty...
CVE-2023-46308
CVE-2023-46308 affects the Plotly library plotly.js prior to 2.25.2. The issue is a prototype pollution flaw in the plot API calls (expandObjectPaths/nestedProperty) that could lead to remote code execution or denial of service. Public references indicate the fix is in plotly.js v2.25.2 and later...