Vulnerability Database
Vulnerabilities
ID
Packages
Summary
Published
Attributes
GHSA-w8wv-vfpc-hw2w
PyPI/nicegui
NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
08 Apr
Fix available
Severity - 5.9 (Medium)
GHSA-w5g8-5849-vj76
PyPI/nicegui
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
19 Mar
Fix available
Severity - 6.9 (Medium)
GHSA-78qv-3mpx-9cqq
PyPI/nicegui
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution
24 Feb
Fix available
Severity - 6.1 (Medium)
GHSA-9ffm-fxg3-xrhh
PyPI/nicegui
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
05 Feb
Fix available
Severity - 7.5 (High)
GHSA-v82v-c5x8-w282
PyPI/nicegui
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
05 Feb
Fix available
Severity - 6.1 (Medium)
GHSA-mp55-g7pj-rvm2
PyPI/nicegui
NiceGUI has Redis connection leak via tab storage causes service degradation
08 Jan
Fix available
Severity - 5.3 (Medium)
GHSA-mhpg-c27v-6mxr
PyPI/nicegui
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
08 Jan
Fix available
Severity - 7.2 (High)
GHSA-m7j5-rq9j-6jj9
PyPI/nicegui
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
08 Jan
Fix available
Severity - 6.1 (Medium)
GHSA-7grm-h62g-5m97
PyPI/nicegui
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
08 Jan
Fix available
Severity - 6.1 (Medium)
GHSA-hxp3-63hc-5366
PyPI/nicegui
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
09 Dec 2025
Fix available
Severity - 7.5 (High)
GHSA-2m4f-cg75-76w2
PyPI/nicegui
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
08 Dec 2025
Fix available
Severity - 6.1 (Medium)
GHSA-72qc-wxch-74mg
PyPI/nicegui
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
08 Dec 2025
Fix available
Severity - 6.1 (Medium)
GHSA-8c95-hpq2-w46f
PyPI/nicegui
NiceGUI has a Reflected XSS
03 Oct 2025
Fix available
Severity - 6.1 (Medium)
GHSA-v6jv-p6r8-j78w
PyPI/nicegui
NiceGUI On Air authentication issue
06 Jan 2025
Fix available
Severity - 7.5 (High)
GHSA-mwc7-64wg-pgvj
PyPI/nicegui
NiceGUI allows potential access to local file system
12 Apr 2024
Fix available
Severity - 8.2 (High)
PyPI - OSV