PyPI package
streamlit
pkg:pypi/streamlit
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33682 | Med | 4.7 | | < 1.54.0 | 1.54.0 | Mar 26, 2026 | Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. The vulnerability arises from improper validation of attack |
| CVE-2024-42474 | — | | | < 1.37.0 | 1.37.0 | Aug 12, 2024 | Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when th |
| CVE-2023-27494 | — | | | >= 0.63.0, < 0.81.0 | 0.81.0 | Mar 16, 2023 | Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Ja |
| CVE-2022-35918 | — | | | >= 0.63.0, < 1.11.1 | 1.11.1 | Aug 1, 2022 | Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, a |