VYPR

PyPI package

datasette

pkg:pypi/datasette

Vulnerabilities (2)

  • CVE-2023-40570Aug 25, 2023
    affected >= 1.0a0, < 1.0a4fixed 1.0a4

    Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-pas

  • CVE-2021-32670Jun 7, 2021
    affected < 0.56.1fixed 0.56.1

    Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) v