Browse all 4 CVE security advisories affecting streamlit. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Streamlit serves as a Python framework for rapidly building data science and machine learning applications with minimal code. Historically, it has been susceptible to remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. The platform's rapid development focus can sometimes lead to security oversights, as evidenced by its four recorded CVEs. While no major public security incidents have been widely reported, the presence of RCE vulnerabilities in past versions highlights the importance of regular updates and secure coding practices when deploying Streamlit applications in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33682 | Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure) — streamlitCWE-918 | 4.7 | Medium | 2026-03-26 |
| CVE-2024-42474 | Streamlit Path Traversal Security Vulnerability on Windows — streamlitCWE-22 | 7.5AI | HighAI | 2024-08-12 |
| CVE-2023-27494 | Streamlit Cross-site Scripting vulnerability — streamlitCWE-79 | 5.9 | Medium | 2023-03-16 |
| CVE-2022-35918 | Streamlit directory traversal vulnerability — streamlitCWE-22 | 6.5 | Medium | 2022-08-01 |
This page lists every published CVE security advisory associated with streamlit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.