dtale
PyPI | 7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting dtale (page 1 of 1)
- CVE-2023-46134 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.7.0 | 2023-10-25
vulnerable: 1.0.0 ... 3.6.0 (157 versions)
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malic…
- CVE-2024-21642 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.9.0 | 2024-01-05
vulnerable: 1.0.0 ... 3.8.1 (160 versions)
D-Tale is a visualizer for Pandas data structures. Users hosting versions of D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to ver…
- CVE-2024-3408 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 32bd6fb4a63de779ff1e51823a456865ea3cbd13 | 2024-06-06
vulnerable: 1.0.0 ... 3.18.2 (176 versions)
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attacker…
- CVE-2024-45595 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.14.1 | 2024-09-10
vulnerable: 1.0.0 ... 3.9.0 (167 versions)
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Fi…
- CVE-2024-55890 | MEDIUM | CVSS 6.9 | EG 0.0 | ✓ Fixed in 3.16.1 | 2024-12-13
vulnerable: 1.0.0 ... 3.9.0 (171 versions)
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.…
- CVE-2024-8862 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 3.14.1 | 2024-09-14
vulnerable: 1.0.0 ... 3.9.0 (167 versions)
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the …
- CVE-2026-35052 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.22.0 | 2026-04-06
vulnerable: 1.0.0 ... 3.9.0 (176 versions)
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code exec…