| CVE-2026-45553 |
high |
— |
8.0 |
|
|
|
11d ago |
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text() |
| CVE-2026-45554 |
medium |
— |
5.5 |
|
|
|
11d ago |
NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes |
| CVE-2026-39844 |
unknown |
— |
— |
|
|
|
2mo ago |
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows |
| CVE-2026-33332 |
unknown |
— |
— |
|
|
|
2mo ago |
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion |
| CVE-2026-27156 |
unknown |
— |
— |
|
|
|
3mo ago |
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution |
| CVE-2026-25732 |
unknown |
— |
— |
|
|
|
4mo ago |
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use … |
| CVE-2026-25516 |
unknown |
— |
— |
|
|
|
4mo ago |
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content |
| CVE-2026-21874 |
unknown |
— |
— |
|
|
|
5mo ago |
NiceGUI has Redis connection leak via tab storage causes service degradation |
| CVE-2026-21873 |
unknown |
— |
— |
|
|
|
5mo ago |
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS |
| CVE-2026-21872 |
unknown |
— |
— |
|
|
|
5mo ago |
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links |
| CVE-2026-21871 |
unknown |
— |
— |
|
|
|
5mo ago |
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() |
| CVE-2025-66645 |
unknown |
— |
— |
|
|
|
6mo ago |
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read |
| CVE-2025-66470 |
unknown |
— |
— |
|
|
|
6mo ago |
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content |
| CVE-2025-66469 |
unknown |
— |
— |
|
|
|
6mo ago |
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection |
| CVE-2025-53354 |
unknown |
— |
— |
|
|
|
8mo ago |
NiceGUI has a Reflected XSS |
| CVE-2025-21618 |
unknown |
— |
— |
|
|
|
1y ago |
NiceGUI On Air authentication issue |
| CVE-2024-32005 |
unknown |
— |
— |
|
|
|
2y ago |
NiceGUI allows potential access to local file system |