VulnerableCode Package Details - pkg:pypi/streamlit@1.30.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-45nc-3ttz-hqcu Aliases: CVE-2024-42474 GHSA-rxff-vr5r-8cj5 PYSEC-2024-153	Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.	1.37.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-45nc-3ttz-hqcu
Aliases:
CVE-2024-42474
GHSA-rxff-vr5r-8cj5
PYSEC-2024-153

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

1.37.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2m1a-hkg5-ubfe	Minor fix to previous patch for CVE-2022-35918 ### Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions. ### Patches We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security. ### Workarounds No additional workarounds are necessary once the update to version 1.30.0 is applied. ### For more information If you have any questions or comments about this advisory: * Email us at [security@streamlit.io](mailto:security@streamlit.io)	GHSA-8qw9-gf7w-42x5 GMS-2024-20

Vulnerability

Summary

Aliases

VCID-2m1a-hkg5-ubfe

Minor fix to previous patch for CVE-2022-35918 ### Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions. ### Patches We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security. ### Workarounds No additional workarounds are necessary once the update to version 1.30.0 is applied. ### For more information If you have any questions or comments about this advisory: * Email us at [security@streamlit.io](mailto:security@streamlit.io)

GHSA-8qw9-gf7w-42x5
GMS-2024-20

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:46:50.777254+00:00	GitLab Importer	Fixing	VCID-2m1a-hkg5-ubfe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/streamlit/GMS-2024-20.yml	38.6.0
2026-06-02T04:21:41.342369+00:00	Pypa Importer	Affected by	VCID-45nc-3ttz-hqcu	https://github.com/pypa/advisory-database/blob/main/vulns/streamlit/PYSEC-2024-153.yaml	38.6.0

2026-06-02T04:46:50.777254+00:00

GitLab Importer

Fixing

VCID-2m1a-hkg5-ubfe

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/streamlit/GMS-2024-20.yml

38.6.0

2026-06-02T04:21:41.342369+00:00

Pypa Importer

Affected by

VCID-45nc-3ttz-hqcu

https://github.com/pypa/advisory-database/blob/main/vulns/streamlit/PYSEC-2024-153.yaml

38.6.0

Next non-vulnerable version	1.37.0
Latest non-vulnerable version	1.37.0
Risk