Plotly
Products: 2
Recent CVEs: 5

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31049 | | Cri | 0.64 | 9.8 | 0.01 | | May 23, 2025 | Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3. |
| CVE-2017-1000006 | | Med | 0.40 | 6.1 | 0.01 | | Jul 17, 2017 | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. |
| CVE-2024-21485 | | | 0.00 | — | 0.01 | | Feb 2, 2024 | Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before… |
| CVE-2023-46308 | | | 0.00 | — | 0.01 | | Jan 3, 2024 | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. |
| CVE-2009-0854 | | | 0.00 | — | 0.00 | | Mar 11, 2009 | Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. |