HIGH 8.2 CVE-2024-32005 NiceGUI allows potential access to local file system
>= 1.4.6, < 1.4.21
HIGH 7.5 CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
from 0, < 3.12.0
HIGH 7.5 CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
from 0, < 3.7.0
HIGH 7.5 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
from 0, < 3.7.0
HIGH 7.5 NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
from 0, < 3.4.0
HIGH 7.5 NiceGUI On Air authentication issue
from 0, < 2.9.1
HIGH 7.2 NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS
>= 2.22.0, < 3.5.0
MEDIUM 6.1 NiceGUI vulnerable to XSS via Code Injection during client-side element function execution
from 0, < 3.8.0
MEDIUM 6.1 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
from 0, < 3.7.0
MEDIUM 6.1 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links
>= 2.22.0, < 3.5.0
MEDIUM 6.1 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()
>= 2.13.0, < 3.5.0
MEDIUM 6.1 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
from 0, < 3.4.0
MEDIUM 6.1 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
from 0, < 3.4.0
MEDIUM 6.1 NiceGUI has a Reflected XSS
from 0, < 3.0.0
MEDIUM 5.9 NiceGUI: Upload filename sanitization bypass via backslashes allows path traversal on Windows
from 0, < 3.10.0
MEDIUM 5.3 NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
from 0, < 3.12.0
MEDIUM 5.3 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
from 0, < 3.9.0
MEDIUM 5.3 NiceGUI has Redis connection leak via tab storage causes service degradation
>= 2.10.0, < 3.5.0