Low severity · OSV Advisory · Published Nov 7, 2025 · Updated Apr 15, 2026

CVE-2025-64481

Description

Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To work around this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.
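The workaround's normalization, shown here as an added example that is neither Datasette's code nor its patch. It assumes the `//` to `/` rewrite is applied in an ASGI wrapper instead of a proxy; `CollapseSlashes` is a hypothetical name and `slash_stripping_app` is a constructed stand-in that only imitates the trailing-slash redirect described above.

```python
import asyncio
import re
from urllib.parse import urlsplit

def collapse_slashes(path):
    """Replace each run of '/' with one '/', as the proxy workaround does."""
    return re.sub(r"/{2,}", "/", path)

class CollapseSlashes:
    """ASGI middleware (hypothetical name): normalize the path before the app routes it."""
    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            scope = dict(scope, path=collapse_slashes(scope["path"]))
            if scope.get("raw_path") is not None:
                # raw_path is bytes; leave anything after '?' untouched
                head, sep, tail = scope["raw_path"].partition(b"?")
                scope["raw_path"] = re.sub(rb"/{2,}", b"/", head) + sep + tail
        await self.app(scope, receive, send)

async def slash_stripping_app(scope, receive, send):
    """Constructed stand-in: redirects '<path>/' to '<path>', as the advisory describes."""
    path = scope["path"]
    if path != "/" and path.endswith("/"):
        headers = [(b"location", path.rstrip("/").encode())]
        await send({"type": "http.response.start", "status": 302, "headers": headers})
    else:
        await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b""})

def redirect_target(app, path):
    """Send one GET for `path` through `app`; return the Location header or None."""
    sent = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(message):
        sent.append(message)
    scope = {"type": "http", "method": "GET", "path": path,
             "raw_path": path.encode(), "query_string": b"", "headers": []}
    asyncio.run(app(scope, receive, send))
    headers = dict(sent[0].get("headers", []))
    return headers[b"location"].decode() if b"location" in headers else None

def leaves_site(location):
    """True when a browser would resolve `location` to another host."""
    return location is not None and urlsplit(location).netloc != ""
```

Upgrading to 0.65.2 or 1.0a21 remains the fix; the wrapper only removes the `//` prefix that makes the redirect target protocol-relative.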

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
datasette (PyPI) | < 0.65.2 | 0.65.2
datasette (PyPI) | >= 1.0a0, < 1.0a21 | 1.0a21

Affected products

  • Simonw/Datasette (OSV, 2 versions): 0.10, 0.11, 0.12, … + 1 more
    • (no CPE) range: 0.10, 0.11, 0.12, …
    • (no CPE) range: <=0.65.1, 1.0a0-1.0a19
