AI Threat Alert

Streamlit Vulnerabilities

pip ML UI

47

Risk Score

13

Total CVEs

9

Critical

pip

Ecosystem

Mar 26, 2026

Last CVE

8%

Patch Rate

0d

Avg Time to Patch

44,609 stars 4,262 forks 1,304 issues 2,811 dependents Last push May 16, 2026

OpenSSF Scorecard 7.2/10

Known Vulnerabilities (13 total, page 1 of 1)

Severity CVE ID Summary CVSS Published

MEDIUM CVE-2026-33682 Streamlit: SSRF leaks NTLMv2 creds via UNC path 4.7 Mar 26, 2026 MEDIUM CVE-2024-42474 Streamlit: path traversal leaks Windows NTLM hash 6.5 Aug 12, 2024 CRITICAL CVE-2024-41120 streamlit-geospatial: blind SSRF via unvalidated URL input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41119 streamlit-geospatial: RCE via eval() on vis_params input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41118 streamlit-geospatial: blind SSRF via WMS URL input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41117 streamlit-geospatial: eval() injection allows RCE 9.8 Jul 26, 2024 CRITICAL CVE-2024-41116 streamlit-geospatial: RCE via eval() injection 9.8 Jul 26, 2024 CRITICAL CVE-2024-41115 streamlit-geospatial: eval() injection enables RCE 9.8 Jul 26, 2024 CRITICAL CVE-2024-41114 streamlit-geospatial: RCE via eval() on palette input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41113 streamlit-geospatial: RCE via eval() in Timelapse page 9.8 Jul 26, 2024 CRITICAL CVE-2024-41112 streamlit-geospatial: RCE via eval() on palette input 9.8 Jul 26, 2024 MEDIUM CVE-2023-27494 Streamlit: reflected XSS enables session hijacking 6.1 Mar 16, 2023 MEDIUM CVE-2022-35918 Streamlit: path traversal leaks server filesystem 6.5 Aug 1, 2022

Monitor Streamlit in your stack

Get instant alerts when new vulnerabilities affect Streamlit. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring