Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

nicegui — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in nicegui, with AI-generated Chinese analysis, references, and POCs.

Vendor: zauberzeug

CVE IDTitleCVSSSeverityPublished
CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization CWE-22 5.9 Medium2026-04-08
CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion CWE-20 7.5 -2026-03-24
CVE-2026-27156 NiceGUI has XSS via Code Injection CWE-79 6.1 Medium2026-02-24
CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content CWE-79 6.1 Medium2026-02-06
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write CWE-22 7.5 High2026-02-06
CVE-2026-21874 NiceGUI has Redis connection leak via tab storage causes service degradation CWE-772 5.3 Medium2026-01-08
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages` CWE-79 7.2 High2026-01-08
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links CWE-79 6.1 Medium2026-01-08
CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() CWE-79 6.1 Medium2026-01-08
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading CWE-22 7.5 High2025-12-09
CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content CWE-79 6.1 Medium2025-12-09
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection CWE-79 6.1 Medium2025-12-08
CVE-2025-53354 NiceGUI is vulnerable to Reflected XSS attack CWE-79 6.1 Medium2025-10-03
CVE-2025-21618 NiceGUI On Air authentication issue CWE-287 7.5 High2025-01-06
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component CWE-23 8.2 High2024-04-12

All 15 known CVE vulnerabilities affecting nicegui with full Chinese analysis, references, and POCs where available.