Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/dtale@3.8.1
Type pypi
Namespace
Name dtale
Version 3.8.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.22.0
Latest_non_vulnerable_version 3.22.0
Affected_by_vulnerabilities
0
url VCID-4dad-b3dt-zbgg
vulnerability_id VCID-4dad-b3dt-zbgg
summary A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8862
reference_id
reference_type
scores
0
value 0.01574
scoring_system epss
scoring_elements 0.81959
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8862
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://vuldb.com/?ctiid.277499
reference_id ?ctiid.277499
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:14:18Z/
url https://vuldb.com/?ctiid.277499
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8862
reference_id CVE-2024-8862
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8862
4
reference_url https://github.com/advisories/GHSA-fg5m-m723-7mv6
reference_id GHSA-fg5m-m723-7mv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fg5m-m723-7mv6
5
reference_url https://vuldb.com/?id.277499
reference_id ?id.277499
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:14:18Z/
url https://vuldb.com/?id.277499
6
reference_url https://vuldb.com/?submit.403200
reference_id ?submit.403200
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:14:18Z/
url https://vuldb.com/?submit.403200
7
reference_url https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4
reference_id Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
4
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5
value MODERATE
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:14:18Z/
url https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4
fixed_packages
0
url pkg:pypi/dtale@3.14.1
purl pkg:pypi/dtale@3.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885t-ndak-wkbp
1
vulnerability VCID-anhp-z432-aycz
2
vulnerability VCID-awyc-1jgv-vbfm
3
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.14.1
aliases CVE-2024-8862, GHSA-fg5m-m723-7mv6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dad-b3dt-zbgg
1
url VCID-5hd3-vbtf-5kbj
vulnerability_id VCID-5hd3-vbtf-5kbj
summary man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3408
reference_id
reference_type
scores
0
value 0.91737
scoring_system epss
scoring_elements 0.997
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3408
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/dtale/PYSEC-2024-117.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/dtale/PYSEC-2024-117.yaml
3
reference_url https://github.com/man-group/dtale/commit/32bd6fb4a63de779ff1e51823a456865ea3cbd13
reference_id 32bd6fb4a63de779ff1e51823a456865ea3cbd13
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-06T19:31:56Z/
url https://github.com/man-group/dtale/commit/32bd6fb4a63de779ff1e51823a456865ea3cbd13
4
reference_url https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91
reference_id 57a06666-ff85-4577-af19-f3dfb7b02f91
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-06T19:31:56Z/
url https://huntr.com/bounties/57a06666-ff85-4577-af19-f3dfb7b02f91
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3408
reference_id CVE-2024-3408
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3408
6
reference_url https://github.com/advisories/GHSA-v9q6-fm48-rx74
reference_id GHSA-v9q6-fm48-rx74
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9q6-fm48-rx74
fixed_packages
0
url pkg:pypi/dtale@3.11.0
purl pkg:pypi/dtale@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dad-b3dt-zbgg
1
vulnerability VCID-885t-ndak-wkbp
2
vulnerability VCID-anhp-z432-aycz
3
vulnerability VCID-awyc-1jgv-vbfm
4
vulnerability VCID-tn7y-ddeq-57bc
5
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.11.0
aliases CVE-2024-3408, GHSA-v9q6-fm48-rx74, PYSEC-2024-117
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hd3-vbtf-5kbj
2
url VCID-6cy2-59vh-sqgc
vulnerability_id VCID-6cy2-59vh-sqgc
summary D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21642
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61544
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21642
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2
reference_id 954f6be1a06ff8629ead2c85c6e3f8e2196b3df2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T15:25:38Z/
url https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21642
reference_id CVE-2024-21642
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21642
4
reference_url https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets
reference_id dtale?tab=readme-ov-file#load-data--sample-datasets
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T15:25:38Z/
url https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets
5
reference_url https://github.com/advisories/GHSA-7hfx-h3j3-rwq4
reference_id GHSA-7hfx-h3j3-rwq4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hfx-h3j3-rwq4
6
reference_url https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4
reference_id GHSA-7hfx-h3j3-rwq4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T15:25:38Z/
url https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4
fixed_packages
0
url pkg:pypi/dtale@3.9.0
purl pkg:pypi/dtale@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4dad-b3dt-zbgg
1
vulnerability VCID-5hd3-vbtf-5kbj
2
vulnerability VCID-885t-ndak-wkbp
3
vulnerability VCID-anhp-z432-aycz
4
vulnerability VCID-awyc-1jgv-vbfm
5
vulnerability VCID-tn7y-ddeq-57bc
6
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.9.0
aliases CVE-2024-21642, GHSA-7hfx-h3j3-rwq4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy2-59vh-sqgc
3
url VCID-885t-ndak-wkbp
vulnerability_id VCID-885t-ndak-wkbp
summary D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue has been fixed in version 3.20.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27194
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35037
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27194
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746
reference_id 431c6148d3c799de20e1dec86c4432f48e3d0746
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T18:58:04Z/
url https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27194
reference_id CVE-2026-27194
reference_type
scores
0
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27194
4
reference_url https://github.com/advisories/GHSA-c87c-78rc-vmv2
reference_id GHSA-c87c-78rc-vmv2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c87c-78rc-vmv2
5
reference_url https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2
reference_id GHSA-c87c-78rc-vmv2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T18:58:04Z/
url https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2
fixed_packages
0
url pkg:pypi/dtale@3.20.0
purl pkg:pypi/dtale@3.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.20.0
aliases CVE-2026-27194, GHSA-c87c-78rc-vmv2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-885t-ndak-wkbp
4
url VCID-anhp-z432-aycz
vulnerability_id VCID-anhp-z432-aycz
summary
references
0
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
1
reference_url https://huntr.com/bounties/f63af7bd-5438-4b36-a39b-4c90466cff13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/f63af7bd-5438-4b36-a39b-4c90466cff13
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0655
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0655
3
reference_url https://github.com/advisories/GHSA-gjxm-x497-4h6h
reference_id GHSA-gjxm-x497-4h6h
reference_type
scores
url https://github.com/advisories/GHSA-gjxm-x497-4h6h
fixed_packages
0
url pkg:pypi/dtale@3.17.0
purl pkg:pypi/dtale@3.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885t-ndak-wkbp
1
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.17.0
aliases CVE-2025-0655, GHSA-gjxm-x497-4h6h
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anhp-z432-aycz
5
url VCID-awyc-1jgv-vbfm
vulnerability_id VCID-awyc-1jgv-vbfm
summary D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55890
reference_id
reference_type
scores
0
value 0.06586
scoring_system epss
scoring_elements 0.91368
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55890
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55890
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55890
3
reference_url https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a
reference_id 1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-13T18:48:32Z/
url https://github.com/man-group/dtale/commit/1e26ed3ca12fe83812b90f12a2b3e5fb0b740f7a
4
reference_url https://github.com/man-group/dtale#custom-filter
reference_id dtale#custom-filter
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-13T18:48:32Z/
url https://github.com/man-group/dtale#custom-filter
5
reference_url https://github.com/advisories/GHSA-832w-fhmw-w4f4
reference_id GHSA-832w-fhmw-w4f4
reference_type
scores
url https://github.com/advisories/GHSA-832w-fhmw-w4f4
6
reference_url https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4
reference_id GHSA-832w-fhmw-w4f4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-13T18:48:32Z/
url https://github.com/man-group/dtale/security/advisories/GHSA-832w-fhmw-w4f4
fixed_packages
0
url pkg:pypi/dtale@3.16.1
purl pkg:pypi/dtale@3.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885t-ndak-wkbp
1
vulnerability VCID-anhp-z432-aycz
2
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.16.1
aliases CVE-2024-55890, GHSA-832w-fhmw-w4f4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awyc-1jgv-vbfm
6
url VCID-tn7y-ddeq-57bc
vulnerability_id VCID-tn7y-ddeq-57bc
summary D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45595
reference_id
reference_type
scores
0
value 0.01635
scoring_system epss
scoring_elements 0.82329
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45595
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8
reference_id b6e30969390520d1400b55acbb13e5487b8472e8
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T18:56:46Z/
url https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45595
reference_id CVE-2024-45595
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45595
4
reference_url https://github.com/man-group/dtale#custom-filter
reference_id dtale#custom-filter
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T18:56:46Z/
url https://github.com/man-group/dtale#custom-filter
5
reference_url https://github.com/advisories/GHSA-pw44-4h99-wqff
reference_id GHSA-pw44-4h99-wqff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw44-4h99-wqff
6
reference_url https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff
reference_id GHSA-pw44-4h99-wqff
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T18:56:46Z/
url https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff
fixed_packages
0
url pkg:pypi/dtale@3.14.1
purl pkg:pypi/dtale@3.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-885t-ndak-wkbp
1
vulnerability VCID-anhp-z432-aycz
2
vulnerability VCID-awyc-1jgv-vbfm
3
vulnerability VCID-vzvu-nw6m-tfep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.14.1
aliases CVE-2024-45595, GHSA-pw44-4h99-wqff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn7y-ddeq-57bc
7
url VCID-vzvu-nw6m-tfep
vulnerability_id VCID-vzvu-nw6m-tfep
summary D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. This vulnerability is fixed in 3.22.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35052
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31199
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35052
1
reference_url https://github.com/man-group/dtale
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/man-group/dtale
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35052
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35052
3
reference_url https://github.com/advisories/GHSA-436g-fhfc-9g5w
reference_id GHSA-436g-fhfc-9g5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-436g-fhfc-9g5w
4
reference_url https://github.com/man-group/dtale/security/advisories/GHSA-436g-fhfc-9g5w
reference_id GHSA-436g-fhfc-9g5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:18:40Z/
url https://github.com/man-group/dtale/security/advisories/GHSA-436g-fhfc-9g5w
fixed_packages
0
url pkg:pypi/dtale@3.22.0
purl pkg:pypi/dtale@3.22.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.22.0
aliases CVE-2026-35052, GHSA-436g-fhfc-9g5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzvu-nw6m-tfep
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dtale@3.8.1