GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
High
CVE-2026-25732
was published
for
nicegui
(pip)
Feb 5, 2026
NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Moderate
CVE-2026-25516
was published
for
nicegui
(pip)
Feb 5, 2026
NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
High
CVE-2026-21873
was published
for
nicegui
(pip)
Jan 8, 2026
NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
Moderate
CVE-2026-21872
was published
for
nicegui
(pip)
Jan 8, 2026
NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
Moderate
CVE-2026-21871
was published
for
nicegui
(pip)
Jan 8, 2026
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
High
CVE-2025-66645
was published
for
nicegui
(pip)
Dec 9, 2025
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
Moderate
CVE-2025-66470
was published
for
nicegui
(pip)
Dec 8, 2025
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Moderate
CVE-2025-66469
was published
for
nicegui
(pip)
Dec 8, 2025
ProTip!
Advisories are also available from the
GraphQL API