VYPR

PyPI package

marimo

pkg:pypi/marimo

Vulnerabilities (1)

  • CVE-2026-39987CriKEVApr 9, 2026
    affected < 0.23.0fixed 0.23.0

    marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unl