Every CVE whose affected-product data names Zauberzeug Nicegui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-33332 — CVSS 7.5 (high): NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files() media routes…
CVE-2026-25732 — CVSS 7.5 (high): NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata…
CVE-2025-66645 — CVSS 7.5 (high): NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files()…
CVE-2026-21873 — CVSS 7.2 (high): NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by…
CVE-2026-21872 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by…
CVE-2026-21871 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass…
CVE-2025-66469 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and…
CVE-2026-25516 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which…
CVE-2025-66470 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactive_image…
CVE-2026-27156 — CVSS 6.1 (medium): NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements…
CVE-2026-39844 — CVSS 5.9 (medium): NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes (/) as path separators, an…
CVE-2026-21874 — CVSS 5.3 (medium): NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by…