PyPI: marimo

SFTY-20250414-18824

Safety legacy ID: pyup.io-76666

Affected versions of marimo are potentially vulnerable to arbitrary code execution due to the dynamic loading of notebooks as modules. This allows malicious or poorly written code in notebooks to execute during the loading process, potentially compromising the system.

Created at: Apr 3, 2026
Updated at: Apr 3, 2026

Affected Package

Affecting marimo package, versions <0.12.9

How to Fix

Upgrade marimo to 0.12.10 or higher.
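The behaviour the advisory describes, that loading a file as a module runs its top-level statements, can be seen by comparing an import-based load with a static parse. This is an added example, not marimo's code or its fix; the notebook source, file name and function names are constructed for illustration.

```python
import ast
import importlib.util
import os
import tempfile

MARKER = "NOTEBOOK_SIDE_EFFECT"

# Constructed stand-in for a notebook file. Its top-level statement sets an
# environment variable as a harmless, observable side effect.
NOTEBOOK_SRC = '''\
import os
os.environ["NOTEBOOK_SIDE_EFFECT"] = "ran"

def cell():
    return 1 + 1
'''

def write_notebook(directory):
    path = os.path.join(directory, "untrusted_nb.py")  # hypothetical file name
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(NOTEBOOK_SRC)
    return path

def load_as_module(path):
    """Dynamic load: every top-level statement in the file is executed."""
    spec = importlib.util.spec_from_file_location("untrusted_nb", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module

def inspect_statically(path):
    """Parse without executing; return (line, node type) of top-level
    statements other than imports and definitions. This is a triage aid only:
    imports, decorators and default arguments also run code at load time."""
    with open(path, encoding="utf-8") as fh:
        tree = ast.parse(fh.read(), filename=path)
    passive = (ast.Import, ast.ImportFrom, ast.FunctionDef,
               ast.AsyncFunctionDef, ast.ClassDef)
    return [(n.lineno, type(n).__name__) for n in tree.body
            if not isinstance(n, passive)]

def demo():
    os.environ.pop(MARKER, None)
    with tempfile.TemporaryDirectory() as d:
        path = write_notebook(d)
        flagged = inspect_statically(path)
        ran_after_parse = MARKER in os.environ   # parsing ran nothing
        load_as_module(path)
        ran_after_import = MARKER in os.environ  # import ran the statement
    os.environ.pop(MARKER, None)
    return flagged, ran_after_parse, ran_after_import
```
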

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
