nicegui 2.14.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nicegui package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ui.interactive_image` component when rendering SVG content using the `v-html` directive without sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious HTML or JavaScript through crafted SVG `<foreignObject>` tags. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.4.0 or higher.	[,3.4.0)
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ui.add_css`, `ui.add_scss`, and `ui.add_sass` functions. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting specially crafted input that breaks out of the intended style or script tags. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.4.0 or higher.	[,3.4.0)
H Directory Traversal nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Directory Traversal via the `add_media_files` function. An attacker can read arbitrary files on the server filesystem. How to fix Directory Traversal? Upgrade `nicegui` to version 3.4.0 or higher.	[,3.4.0)
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ui.html` or `ui.chat_message` functions when unescaped user input is rendered directly into the DOM. An attacker can execute arbitrary JavaScript in the user's browser by supplying crafted input that is reflected without sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.0.0 or higher.	[,3.0.0)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.interactive_image component when rendering SVG content using the v-html directive without sanitization. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious HTML or JavaScript through crafted SVG <foreignObject> tags.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.4.0 or higher.

[,3.4.0)

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.add_css, ui.add_scss, and ui.add_sass functions. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting specially crafted input that breaks out of the intended style or script tags.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.4.0 or higher.

[,3.4.0)

Directory Traversal

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Directory Traversal via the add_media_files function. An attacker can read arbitrary files on the server filesystem.

How to fix Directory Traversal?

Upgrade nicegui to version 3.4.0 or higher.

[,3.4.0)

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.html or ui.chat_message functions when unescaped user input is rendered directly into the DOM. An attacker can execute arbitrary JavaScript in the user's browser by supplying crafted input that is reflected without sanitization.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.0.0 or higher.

[,3.0.0)

nicegui@2.14.0 vulnerabilities

Create web-based user interfaces with Python. The nice way.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically