Package details: pkg:pypi/datasette@0.46
purl pkg:pypi/datasette@0.46
Next non-vulnerable version 0.65.2
Latest non-vulnerable version 1.0a21
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-gj9p-gkjg-1khj
Aliases:
CVE-2025-64481
GHSA-w832-gg5g-x44m
PYSEC-2025-73
Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To work around this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.
0.65.2
Affected by 0 other vulnerabilities.
1.0a21
Affected by 0 other vulnerabilities.
1.0.0a21
Affected by 0 other vulnerabilities.
VCID-hmeq-aurn-9yf9
Aliases:
CVE-2021-32670
GHSA-gff3-739c-gxfq
GHSA-xw7c-jx9m-xh5g
PYSEC-2021-89
Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords), as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy, you can work around this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.
0.56.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-wxgg-vdd2-9uc6 | CSRF tokens leaked in URL by canned query form | GHSA-q6j3-c4wc-63vw, GMS-2020-699 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T15:07:48.709239+00:00 | GitLab Importer | Fixing | VCID-wxgg-vdd2-9uc6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/datasette/GMS-2020-699.yml | 38.6.0 |
| 2026-06-13T08:30:47.739329+00:00 | GHSA Importer | Affected by | VCID-hmeq-aurn-9yf9 | https://github.com/advisories/GHSA-gff3-739c-gxfq | 38.6.0 |
| 2026-06-12T20:28:46.996529+00:00 | GitLab Importer | Affected by | VCID-gj9p-gkjg-1khj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/datasette/CVE-2025-64481.yml | 38.6.0 |
| 2026-06-12T17:42:36.328406+00:00 | GitLab Importer | Affected by | VCID-hmeq-aurn-9yf9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/datasette/GHSA-gff3-739c-gxfq.yml | 38.6.0 |
| 2026-06-12T17:42:20.012818+00:00 | GitLab Importer | Affected by | VCID-hmeq-aurn-9yf9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/datasette/CVE-2021-32670.yml | 38.6.0 |
| 2026-06-12T08:01:52.978229+00:00 | GithubOSV Importer | Fixing | VCID-wxgg-vdd2-9uc6 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-q6j3-c4wc-63vw/GHSA-q6j3-c4wc-63vw.json | 38.6.0 |
| 2026-06-12T04:11:42.485169+00:00 | Pypa Importer | Affected by | VCID-hmeq-aurn-9yf9 | https://github.com/pypa/advisory-database/blob/main/vulns/datasette/PYSEC-2021-89.yaml | 38.6.0 |
| 2026-06-11T20:53:08.133553+00:00 | PyPI Importer | Affected by | VCID-hmeq-aurn-9yf9 | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-06-11T20:26:24.543044+00:00 | GHSA Importer | Fixing | VCID-wxgg-vdd2-9uc6 | https://github.com/advisories/GHSA-q6j3-c4wc-63vw | 38.6.0 |