Browse all 4 CVE security advisories affecting mesop-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mesop-dev is a web application framework primarily used for building interactive dashboards and data visualization tools. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. The project has recorded four CVEs, with notable issues including RCE through template injection and XSS via unescaped user content. While no major public security incidents have been documented, the consistent pattern of input-related vulnerabilities suggests developers should implement strict sanitization and parameterized templating when deploying mesop-dev applications in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34824 | Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service — mesopCWE-125 | 7.5 | High | 2026-04-03 |
| CVE-2026-33057 | Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py — mesopCWE-94 | 9.8 | Critical | 2026-03-20 |
| CVE-2026-33054 | Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion — mesopCWE-22 | 10.0 | Critical | 2026-03-20 |
| CVE-2025-30358 | Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks — mesopCWE-915 | 8.1 | High | 2025-03-27 |
This page lists every published CVE security advisory associated with mesop-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.