{"package":"datasette","ecosystem":"conda","latest_version":"0.65.2","description":"An open source multi-tool for exploring and publishing data","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://datasette.io/","repository":"https://github.com/simonw/datasette","downloads_weekly":316,"health":{"score":55,"risk":"high","breakdown":{"maintenance":15,"popularity":3,"security":23,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2023-40570","severity":"medium","summary":"Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to th","affected_versions":"<01e0558825b8f7ec17d3b691aa072daf122fcc74|=0.10|=0.11|=0.12|=0.13|=0.14|=0.15|=0.16|=0.17|=0.18|=0.19|=0.20|=0.21|=0.22|=0.22.1|=0.23|=0.23.1|=0.23.2|=0.24|=0.25|=0.25.1|=0.25.2|=0.26|=0.26.1|=0.26.2|=0.27|=0.27.1|=0.28|=0.29|=0.29.1|=0.29.2|=0.29.3|=0.30|=0.30.1|=0.30.2|=0.31|=0.31.1|=0.31.2|=0.32|=0.33|=0.34|=0.35|=0.36|=0.37|=0.37.1|=0.38|=0.39|=0.40|=0.41|=0.42|=0.43|=0.44|=0.45|=0.45a0|=0.45a1|=0.45a2|=0.45a3|=0.45a4|=0.45a5|=0.46|=0.47|=0.47.1|=0.47.2|=0.47.3|=0.48|=0.49|=0.49.1|=0.49a0|=0.49a1|=0.50|=0.50.1|=0.50.2|=0.50a0|=0.50a1|=0.51|=0.51.1|=0.51a0|=0.51a1|=0.51a2|=0.52|=0.52.1|=0.52.2|=0.52.3|=0.52.4|=0.52.5|=0.53|=0.54|=0.54.1|=0.54a0|=0.55|=0.56|=0.56.1|=0.57|=0.57.1|=0.57a0|=0.57a1|=0.58|=0.58.1|=0.58a0|=0.58a1|=0.59|=0.59.1|=0.59.2|=0.59.3|=0.59.4|=0.59a0|=0.59a1|=0.59a2|=0.60|=0.60.1|=0.60.2|=0.60a0|=0.60a1|=0.61|=0.61.1|=0.61a0|=0.62|=0.62a0|=0.62a1|=0.63|=0.63.1|=0.63.2|=0.63.3|=0.63a0|=0.63a1|=0.64|=0.64.1|=0.64.2|=0.64.3|=0.8|=0.9|=1.0a0|=1.0a1|=1.0a2|=1.0a3|=1.0a4|=1.0a5|=1.0a6|=0.64.4|=1.0a7|=0.64.5|=0.64.6|=0.64.7|=0.64.8|=0.65|=0.65.1|=1.0a10|=1.0a11|=1.0a12|=1.0a13|=1.0a14|=1.0a15|=1.0a16|=1.0a17|=1.0a18|=1.0a19|=1.0a8|=1.0a9","fixed_version":"01e0558825b8f7ec17d3b691aa072daf122fcc74","source":"osv","published_at":"2023-08-25T01:15:00Z","in_kev":false,"epss_prob":0.00325,"epss_percentile":0.55458,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.65.2","total_count":32,"recent":["0.60.2","0.61","0.61.1","0.62","0.63","0.63.1","0.63.2","0.63.3","0.64","0.64.1","0.64.2","0.64.3","0.64.4","0.64.5","0.64.6","0.64.7","0.64.8","0.65","0.65.1","0.65.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2021-04-21 16:46:59.352000+00:00","last_published":"2025-11-08 17:11:51.538000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"0.65.2","version_hint":"Update to >= 01e0558825b8f7ec17d3b691aa072daf122fcc74 to fix known vulnerabilities","summary":"datasette@0.65.2 is safe to use (health: 55/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":1833,"last_release_days_ago":171,"avg_days_between_releases":96,"release_velocity":"moderate"}}