Apache-2.0
All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Affected Versions | |||
|---|---|---|---|---|---|
| CVE-2026-33682 | Affected versions of the Streamlit package are vulnerable to Server-Side Request Forgery (SSRF) due to improper validation of attacker-supplied filesystem paths on Windows hosts. In vulnerable code pa… | Medium | – | – | <1.54.0 |
| CVE-2024-42474 | Affected versions of the `Streamlit` package are vulnerable to Path Traversal due to improper handling of file paths in the static file sharing feature. The static file sharing feature fails to saniti… | Medium | – | – | >=1.17.1,<1.37.0 |
| CVE-2023-27494 | Streamlit affected versions have a cross-site scripting (XSS) vulnerability. Hosted Streamlit app(s) users were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL wit… | Medium | – | – | >=0.63.0,<0.81.0 |
| CVE-2022-35918 | In Streamlit affected versions, users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as:… | Medium | – | – | >=0.63.0,<=1.30.0 |
| SFTY-20240112-31209 | Minor fix to previous patch for CVE-2022-35918 | Unknown | – | – | >= 0.63.0, < 1.30.0 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.