PyPI: streamlit

GHSA-8qw9-gf7w-42x5

Safety vulnerability ID: SFTY-20240112-31209

### Impact

The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions.

### Patches

We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security.

### Workarounds

No additional workarounds are necessary once the update to version 1.30.0 is applied.

### For more information

If you have any questions or comments about this advisory:

* Email us at [security@streamlit.io](mailto:security@streamlit.io)

Created at: Aug 21, 2025 | Updated at: Aug 21, 2025

Overview

Minor fix to previous patch for CVE-2022-35918

Affected Package

Affecting streamlit package, versions >= 0.63.0, < 1.30.0

---

How to Fix

Upgrade streamlit to 1.30.0 or higher.

---


Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
