AI Threat Alert AI Threat Alert

Streamlit

pip ML UI
13
Total CVEs
9
Critical
pip
Ecosystem
Mar 26, 2026
Last CVE

Known Vulnerabilities (13 shown)

Severity CVE ID Summary CVSS Published
MEDIUM CVE-2026-33682 Streamlit: SSRF leaks NTLMv2 creds via UNC path 4.7 Mar 26, 2026 MEDIUM CVE-2024-42474 Streamlit: path traversal leaks Windows NTLM hash 6.5 Aug 12, 2024 CRITICAL CVE-2024-41120 streamlit-geospatial: blind SSRF via unvalidated URL input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41119 streamlit-geospatial: RCE via eval() on vis_params input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41118 streamlit-geospatial: blind SSRF via WMS URL input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41117 streamlit-geospatial: eval() injection allows RCE 9.8 Jul 26, 2024 CRITICAL CVE-2024-41116 streamlit-geospatial: RCE via eval() injection 9.8 Jul 26, 2024 CRITICAL CVE-2024-41115 streamlit-geospatial: eval() injection enables RCE 9.8 Jul 26, 2024 CRITICAL CVE-2024-41114 streamlit-geospatial: RCE via eval() on palette input 9.8 Jul 26, 2024 CRITICAL CVE-2024-41113 streamlit-geospatial: RCE via eval() in Timelapse page 9.8 Jul 26, 2024 CRITICAL CVE-2024-41112 streamlit-geospatial: RCE via eval() on palette input 9.8 Jul 26, 2024 MEDIUM CVE-2023-27494 Streamlit: reflected XSS enables session hijacking 6.1 Mar 16, 2023 MEDIUM CVE-2022-35918 Streamlit: path traversal leaks server filesystem 6.5 Aug 1, 2022

Monitor Streamlit in your stack

Get instant alerts when new vulnerabilities affect Streamlit. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring