{"package":"dtale","ecosystem":"conda","latest_version":"3.22.0","description":"D-Tale is the combination of a Flask back-end and a React front-end to bring you an easy way to view & analyze Pandas data structures","license":"LGPL-2.1-only","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://github.com/man-group/dtale/","repository":"https://github.com/man-group/dtale/","downloads_weekly":1761,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":25,"popularity":6,"security":15,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2024-3408","severity":"critical","summary":"man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. 
Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint,","affected_versions":"<32bd6fb4a63de779ff1e51823a456865ea3cbd13|=1.0.0|=1.1.1|=1.10.0|=1.11.0|=1.12.1|=1.13.0|=1.14.1|=1.15.2|=1.16.0|=1.17.0|=1.18.2|=1.19.2|=1.2.0|=1.20.0|=1.21.1|=1.22.0|=1.22.1|=1.23.0|=1.24.0|=1.25.0|=1.26.0|=1.27.0|=1.28.0|=1.28.1|=1.29.0|=1.29.1|=1.3.7|=1.30.0|=1.31.0|=1.32.0|=1.32.1|=1.33.0|=1.33.1|=1.34.0|=1.35.0|=1.36.0|=1.37.0|=1.37.1|=1.38.0|=1.39.0|=1.4.1|=1.40.0|=1.40.1|=1.40.2|=1.41.0|=1.41.1|=1.42.0|=1.42.1|=1.43.0|=1.44.0|=1.44.1|=1.45.0|=1.46.0|=1.47.0|=1.48.0|=1.49.0|=1.5.1|=1.50.0|=1.50.1|=1.51.0|=1.52.0|=1.53.0|=1.54.0|=1.54.1|=1.55.0|=1.56.0|=1.57.0|=1.58.1|=1.58.2|=1.58.3|=1.59.0|=1.59.1|=1.6.1|=1.6.10|=1.6.2|=1.6.3|=1.6.4|=1.6.5|=1.6.6|=1.6.7|=1.6.8|=1.6.9|=1.60.1|=1.60.2|=1.61.0|=1.61.1|=1.7.0|=1.7.1|=1.7.10|=1.7.11|=1.7.12|=1.7.13|=1.7.14|=1.7.15|=1.7.2|=1.7.3|=1.7.4|=1.7.5|=1.7.6|=1.7.7|=1.7.8|=1.7.9|=1.8.0|=1.8.1|=1.8.10|=1.8.11|=1.8.12|=1.8.13|=1.8.14|=1.8.15|=1.8.16|=1.8.17|=1.8.18|=1.8.19|=1.8.3|=1.8.4|=1.8.6|=1.8.7|=1.8.8|=1.8.9|=1.9.0|=1.9.1|=1.9.2|=2.0.0|=2.1.0|=2.1.2|=2.10.0|=2.11.0|=2.12.0|=2.12.1|=2.12.2|=2.12.3|=2.13.0|=2.14.0|=2.14.1|=2.15.0|=2.15.2|=2.16.0|=2.2.0|=2.3.0|=2.4.0|=2.5.1|=2.6.0|=2.7.1|=2.8.0|=2.8.1|=2.9.0|=2.9.1|=3.0.0|=3.1.0|=3.1.6|=3.1.7|=3.10.0|=3.11.0|=3.12.0|=3.13.0|=3.13.1|=3.14.0|=3.14.1|=3.15.0|=3.15.1|=3.2.0|=3.3.0|=3.4.0|=3.5.0|=3.6.0|=3.7.0|=3.8.0|=3.8.1|=3.9.0|=3.16.0|=3.16.1|=3.17.0|=3.18.0|=3.18.1|=3.18.2","fixed_version":"32bd6fb4a63de779ff1e51823a456865ea3cbd13","source":"osv","published_at":"2024-06-06T19:16:00Z","in_kev":false,"epss_prob":0.91304,"epss_percentile":0.99663,"threat_tier":"likely_exploited"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"3.22.0","total_count":160,"recent":["3.10.0","3.11.0","3.12.0","3.13.0","3.13.1","3.14.0","3.14.1"
,"3.15.0","3.15.1","3.16.0","3.16.1","3.17.0","3.18.0","3.18.1","3.18.2","3.19.0","3.19.1","3.20.0","3.21.0","3.22.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-05-31 14:48:59.449000+00:00","last_published":"2026-04-01 13:43:46.846000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerability"],"use_version":"3.22.0","version_hint":"Update to a release that includes fix commit 32bd6fb4a63de779ff1e51823a456865ea3cbd13 to fix known vulnerabilities","summary":"dtale has a critical vulnerability — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":2158,"last_release_days_ago":28,"avg_days_between_releases":114,"release_velocity":"active"}}