Zauberzeug Nicegui
17 CVEs affecting Zauberzeug Nicegui. Latest disclosed: 2026-06-02. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-32005 | High | 8.2 | 2024-04-12 | NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under th… |
| CVE-2026-45553 | High | 7.5 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling fi… |
| CVE-2026-25732 | High | 7.5 | 2026-02-06 | NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enab… |
| CVE-2025-66645 | High | 7.5 | 2025-12-09 | NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allow… |
| CVE-2025-21618 | High | 7.5 | 2025-01-06 | NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in in… |
| CVE-2026-21873 | High | 7.2 | 2026-01-08 | NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an… |
| CVE-2026-27156 | Medium | 6.1 | 2026-02-24 | NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgG… |
| CVE-2026-25516 | Medium | 6.1 | 2026-02-06 | NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via… |
| CVE-2026-21872 | Medium | 6.1 | 2026-01-08 | NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with… |
| CVE-2026-21871 | Medium | 6.1 | 2026-01-08 | NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui… |
| CVE-2025-66470 | Medium | 6.1 | 2025-12-09 | NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to an XSS vulnerability through the ui.interactive_image component of NiceGUI. The… |
| CVE-2025-66469 | Medium | 6.1 | 2025-12-08 | NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions… |
| CVE-2025-53354 | Medium | 6.1 | 2025-10-03 | NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into t… |
| CVE-2026-39844 | Medium | 5.9 | 2026-04-08 | NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward slashes (/) as path separators, an attacker can bypass thi… |
| CVE-2026-45554 | Medium | 5.3 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path paramet… |
| CVE-2026-21874 | Medium | 5.3 | 2026-01-08 | NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and clo… |
| CVE-2026-33332 | | | 2026-03-24 | NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files() media routes accept a user-controlled… |