GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10 advisories
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Moderate. CVE-2026-33332 was published for nicegui (pip) on Mar 19, 2026.

NiceGUI vulnerable to XSS via Code Injection during client-side element function execution
Moderate. CVE-2026-27156 was published for nicegui (pip) on Feb 24, 2026.

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
High. CVE-2026-25732 was published for nicegui (pip) on Feb 5, 2026.

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Moderate. CVE-2026-25516 was published for nicegui (pip) on Feb 5, 2026.

NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
High. CVE-2026-21873 was published for nicegui (pip) on Jan 8, 2026.

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Moderate. CVE-2026-21872 was published for nicegui (pip) on Jan 8, 2026.

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
Moderate. CVE-2026-21871 was published for nicegui (pip) on Jan 8, 2026.

NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
High. CVE-2025-66645 was published for nicegui (pip) on Dec 9, 2025.

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate. CVE-2025-66470 was published for nicegui (pip) on Dec 8, 2025.

NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate. CVE-2025-66469 was published for nicegui (pip) on Dec 8, 2025.