VYPR
Vendor

Plotly

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-31049CriMay 23, 2025
    risk 0.64cvss 9.8epss 0.01

    Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.

  • CVE-2017-1000006MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.

  • CVE-2024-21485Feb 2, 2024
    risk 0.00cvss epss 0.01

    Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before…

  • CVE-2023-46308Jan 3, 2024
    risk 0.00cvss epss 0.01

    In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.

  • CVE-2009-0854Mar 11, 2009
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.