11 matches found
EUVD-2026-34246
A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...
ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +379 more potentially affected by CVE-2026-33682 via streamlit (>=0.49.0 <=1.53.1)
streamlit PYPI version =0.49.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: OSV:GHSA-7P48-42J8-8846...
Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory. 1. Impacted Products: Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction: Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...
Server-side Request Forgery (SSRF)
Overview: streamlit is the fastest way to build data apps in Python. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication...
advanced-data-generator (=1.0.0), agentbruno (>=0.0.2 <=0.0.5) +226 more potentially affected by CVE-2024-42474 via streamlit (>=0.49.0 <=1.36.0)
streamlit PYPI version =0.49.0, =0.0.2, =0.0.5, =0.31.0, =1.0.4, =0.8.0, =0.4.1, =1.6.1, =0.2.0, =0.7.0 - asdm =0.0.1 - askquinta =0.1.1 - audio-recorder-streamlit =0.0.9 and more Source cves: CVE-2024-42474 Source advisory: OSV:GHSA-RXFF-VR5R-8CJ5...
advanced-data-generator (=1.0.0), agentbruno (>=0.0.2 <=0.0.5) +226 more potentially affected by CVE-2024-42474 via streamlit (>=0.49.0 <=1.36.0)
streamlit PYPI version =0.49.0, =0.0.2, =0.0.5, =0.31.0, =1.0.4, =0.8.0, =0.4.1, =1.6.1, =0.2.0, =0.7.0 - asdm =0.0.1 - askquinta =0.1.1 - audio-recorder-streamlit =0.0.9 and more Source cves: CVE-2024-42474 Source advisory: OSV:PYSEC-2024-153...
advanced-data-generator (=1.0.0), agixt (=1.2.3) +169 more potentially affected by unknown CVE via streamlit (>=0.63.1 <=1.2.0)
streamlit PYPI version =0.63.1, =0.8.0, =0.4.1, =0.2.0, =0.0.2, =0.1.0, =0.5.0, =0.1.0, =0.2.0, =0.2.8 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8QW9-GF7W-42X5...
CVE-2023-27494 Streamlit Cross-site Scripting vulnerability
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with JavaScript payloads to ...
alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)
streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:GHSA-V4HR-4JPX-56GC...
alphapept (=0.3.29), api-automation-kit (>=0.2.0 <=0.7.0) +51 more potentially affected by CVE-2022-35918 via streamlit (>=0.63.1 <=1.11.0)
streamlit PYPI version =0.63.1, =0.2.0, =0.0.2, =0.0.4, =0.0.1, =0.1.0, =0.0.2, =0.1.0, =0.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.7 - gimmick =1.0.0 - hlm-texts =0.1.2 and more Source cves: CVE-2022-35918 Source advisory: OSV:PYSEC-2022-248...
PT-2022-23024 · Streamlit · Streamlit
Name of the Vulnerable Software and Affected Versions: Streamlit versions prior to 1.11.1. Description: Streamlit is a data-oriented application development framework for Python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak...