What is GHSA-w832-gg5g-x44m?

GHSA-w832-gg5g-x44m is a security advisory published by GitHub Security Advisories with Low severity. Open redirect endpoint in Datasette

Which CVE IDs does GHSA-w832-gg5g-x44m cover?

GHSA-w832-gg5g-x44m covers the following CVE IDs: CVE-2025-64481. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

Which products are affected by GHSA-w832-gg5g-x44m?

GHSA-w832-gg5g-x44m affects 2 products, including: pip/datasette:\u003c 0.65.2; pip/datasette:\u003e= 1.0a0, \u003c 1.0a20.

GHSA-w832-gg5g-x44mLow

Open redirect endpoint in Datasette

Vendor

GitHub Security Advisories

Published

November 6, 2025

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2025-64481 →

📋 Description

Impact

Deployed instances of Datasette prior to 0.65.2 and 1.0a21 include an open redirect vulnerability.

Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar.

Patches

This problem has been patched in both Datasette 0.65.2 and 1.0a21.

Workarounds

If Datasette is running behind a proxy that proxy could be configured to replace // with / in incoming request URLs.

🎯 Affected products2

pip/datasette:< 0.65.2
pip/datasette:>= 1.0a0, < 1.0a20

🔗 References (6)

https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m
https://github.com/simonw/datasette/issues/2429
https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05
https://nvd.nist.gov/vuln/detail/CVE-2025-64481
https://github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2025-73.yaml
https://github.com/advisories/GHSA-w832-gg5g-x44m