📦 Nicegui
by Zauberzeug
🔍 What is Nicegui?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability in NiceGUI allows attackers to perform path traversal attacks by uploading files with malicious filenames containing '../' sequences. When developers use the vulnerable pattern of c...
This vulnerability in NiceGUI allows attackers to manipulate URL fragment identifiers via cross-site iframe attacks, potentially enabling UI manipulation or client-side attacks. It affects NiceGUI ver...
This directory traversal vulnerability in NiceGUI allows remote attackers to read arbitrary files on the server filesystem by exploiting the App.add_media_files() function. Any application using NiceG...
This vulnerability in NiceGUI allows cross-site scripting (XSS) attacks when user-controlled input is passed to certain client-side method execution APIs. Attackers can inject arbitrary JavaScript tha...
This CVE describes a cross-site scripting (XSS) vulnerability in NiceGUI's ui.markdown() component. Attackers can inject malicious JavaScript through user-controlled markdown content, which gets rende...
This is a cross-site scripting (XSS) vulnerability in NiceGUI Python UI framework that allows attackers to execute arbitrary JavaScript in victims' browsers when untrusted input is passed to specific ...
This is a cross-site scripting (XSS) vulnerability in NiceGUI Python UI framework versions 2.22.0 through 3.4.1. Attackers can inject malicious scripts via crafted links that execute when users click ...
This vulnerability allows unauthenticated attackers to exhaust Redis connections by repeatedly opening and closing browser tabs on NiceGUI applications using Redis-backed storage. Affected users are t...
NiceGUI versions 3.3.1 and below contain a cross-site scripting (XSS) vulnerability in the ui.interactive_image component. Attackers can inject malicious JavaScript via SVG foreignObject tags when ren...
NiceGUI versions 3.3.1 and below are vulnerable to Reflected Cross-Site Scripting (XSS) through the ui.add_css, ui.add_scss, and ui.add_sass functions. Attackers can inject malicious JavaScript by bre...