nicegui 3.4.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nicegui package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ui.navigate.history.push` or `ui.navigate.history.replace` functions. An attacker can execute arbitrary JavaScript in the victim's browser by supplying input that is embedded into generated JavaScript without proper escaping. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.5.0 or higher.	[2.13.0,3.5.0)
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `pushstate` event listener, which allows manipulation of the URL fragment identifier. An attacker can execute arbitrary JavaScript in the context of the affected application by embedding the target site in an iframe and altering the fragment portion of the URL. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.5.0 or higher.	[2.22.0,3.5.0)
M Missing Release of Resource after Effective Lifetime nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the `handle_disconnect()` function, when using the Redis backend for tab storage. An attacker can cause service degradation and loss of persistent storage functionality by repeatedly opening and closing browser tabs, which exhausts available Redis connections. How to fix Missing Release of Resource after Effective Lifetime? Upgrade `nicegui` to version 3.5.0 or higher.	[2.10.0,3.5.0)
M Cross-site Scripting (XSS) nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ui.sub_pages` function. An attacker can execute JavaScript in the context of the user's browser by tricking a user into clicking a malicious link rendered on the page. How to fix Cross-site Scripting (XSS)? Upgrade `nicegui` to version 3.5.0 or higher.	[2.22.0,3.5.0)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.navigate.history.push or ui.navigate.history.replace functions. An attacker can execute arbitrary JavaScript in the victim's browser by supplying input that is embedded into generated JavaScript without proper escaping.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.5.0 or higher.

[2.13.0,3.5.0)

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pushstate event listener, which allows manipulation of the URL fragment identifier. An attacker can execute arbitrary JavaScript in the context of the affected application by embedding the target site in an iframe and altering the fragment portion of the URL.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.5.0 or higher.

[2.22.0,3.5.0)

Missing Release of Resource after Effective Lifetime

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handle_disconnect() function, when using the Redis backend for tab storage. An attacker can cause service degradation and loss of persistent storage functionality by repeatedly opening and closing browser tabs, which exhausts available Redis connections.

How to fix Missing Release of Resource after Effective Lifetime?

Upgrade nicegui to version 3.5.0 or higher.

[2.10.0,3.5.0)

Cross-site Scripting (XSS)

nicegui is a Create web-based user interfaces with Python. The nice way.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.sub_pages function. An attacker can execute JavaScript in the context of the user's browser by tricking a user into clicking a malicious link rendered on the page.

How to fix Cross-site Scripting (XSS)?

Upgrade nicegui to version 3.5.0 or higher.

[2.22.0,3.5.0)

nicegui@3.4.1 vulnerabilities

Create web-based user interfaces with Python. The nice way.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically