Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36403?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36403?format=api", "vulnerability_id": "VCID-nfvv-s6z5-cyej", "summary": "Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious javascript payload as-is, leading to XSS. Version 0.81.0 contains a patch for this vulnerability.", "aliases": [ { "alias": "CVE-2023-27494" }, { "alias": "GHSA-9c6g-qpgj-rvxw" }, { "alias": "PYSEC-2023-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28694?format=api", "purl": "pkg:pypi/streamlit@0.81.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.81.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28667?format=api", "purl": "pkg:pypi/streamlit@0.63.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2m1a-hkg5-ubfe" }, { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.63.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28668?format=api", "purl": "pkg:pypi/streamlit@0.63.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.63.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28669?format=api", "purl": "pkg:pypi/streamlit@0.64.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.64.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28670?format=api", "purl": "pkg:pypi/streamlit@0.65.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.65.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28671?format=api", "purl": "pkg:pypi/streamlit@0.65.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.65.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28672?format=api", "purl": "pkg:pypi/streamlit@0.65.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.65.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/28673?format=api", "purl": "pkg:pypi/streamlit@0.66.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.66.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28674?format=api", "purl": "pkg:pypi/streamlit@0.67.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.67.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28675?format=api", "purl": "pkg:pypi/streamlit@0.67.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.67.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28676?format=api", "purl": "pkg:pypi/streamlit@0.68.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.68.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28677?format=api", "purl": "pkg:pypi/streamlit@0.68.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.68.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28678?format=api", "purl": "pkg:pypi/streamlit@0.69.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.69.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28679?format=api", "purl": "pkg:pypi/streamlit@0.69.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.69.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28680?format=api", "purl": "pkg:pypi/streamlit@0.69.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.69.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/28681?format=api", "purl": "pkg:pypi/streamlit@0.70.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.70.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28682?format=api", "purl": "pkg:pypi/streamlit@0.71.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.71.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28683?format=api", "purl": "pkg:pypi/streamlit@0.72.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.72.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28684?format=api", "purl": "pkg:pypi/streamlit@0.73.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.73.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28685?format=api", "purl": "pkg:pypi/streamlit@0.73.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.73.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28686?format=api", "purl": "pkg:pypi/streamlit@0.74.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.74.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28687?format=api", "purl": "pkg:pypi/streamlit@0.74.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.74.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28688?format=api", "purl": "pkg:pypi/streamlit@0.75.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.75.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28689?format=api", "purl": "pkg:pypi/streamlit@0.76.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.76.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28690?format=api", "purl": "pkg:pypi/streamlit@0.77.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.77.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28691?format=api", "purl": "pkg:pypi/streamlit@0.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.78.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28692?format=api", "purl": "pkg:pypi/streamlit@0.79.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.79.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28693?format=api", "purl": "pkg:pypi/streamlit@0.80.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-45nc-3ttz-hqcu" }, { "vulnerability": "VCID-e2z5-m4r7-vyhb" }, { "vulnerability": "VCID-nfvv-s6z5-cyej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/streamlit@0.80.0" } ], "references": [ { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2023-50.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2023-50.yaml" }, { "reference_url": "https://github.com/streamlit/streamlit", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/streamlit/streamlit" }, { "reference_url": "https://github.com/streamlit/streamlit/commit/afcf880c60e5d7538936cc2d9721b9e1bc02b075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/streamlit/streamlit/commit/afcf880c60e5d7538936cc2d9721b9e1bc02b075" }, { "reference_url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-9c6g-qpgj-rvxw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-9c6g-qpgj-rvxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27494", "reference_id": "CVE-2023-27494", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27494" }, { "reference_url": "https://github.com/advisories/GHSA-9c6g-qpgj-rvxw", "reference_id": "GHSA-9c6g-qpgj-rvxw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9c6g-qpgj-rvxw" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfvv-s6z5-cyej" }