Open Redirect in Simonw Datasette

CVE-2025-64481

Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar…

Vulnerability class: Open Redirect

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

Affected products

Simonw Datasette — versions < 0.65.2, >= 1.0a0, < 1.0a20

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m (x_refsource_CONFIRM)
https://github.com/simonw/datasette/issues/2429 (x_refsource_MISC)
https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05 (x_refsource_MISC)