{"package":"dtale","ecosystem":"pypi","latest_version":"3.22.0","description":"Web Client for Visualizing Pandas Objects","license":"LGPL","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://github.com/man-group/dtale","repository":"https://github.com/man-group/dtale","downloads_weekly":13181,"health":{"score":67,"risk":"moderate","breakdown":{"maintenance":25,"popularity":10,"security":15,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2024-3408","severity":"critical","summary":"man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` 
endpoint,","affected_versions":"<32bd6fb4a63de779ff1e51823a456865ea3cbd13|=1.0.0|=1.1.1|=1.10.0|=1.11.0|=1.12.1|=1.13.0|=1.14.1|=1.15.2|=1.16.0|=1.17.0|=1.18.2|=1.19.2|=1.2.0|=1.20.0|=1.21.1|=1.22.0|=1.22.1|=1.23.0|=1.24.0|=1.25.0|=1.26.0|=1.27.0|=1.28.0|=1.28.1|=1.29.0|=1.29.1|=1.3.7|=1.30.0|=1.31.0|=1.32.0|=1.32.1|=1.33.0|=1.33.1|=1.34.0|=1.35.0|=1.36.0|=1.37.0|=1.37.1|=1.38.0|=1.39.0|=1.4.1|=1.40.0|=1.40.1|=1.40.2|=1.41.0|=1.41.1|=1.42.0|=1.42.1|=1.43.0|=1.44.0|=1.44.1|=1.45.0|=1.46.0|=1.47.0|=1.48.0|=1.49.0|=1.5.1|=1.50.0|=1.50.1|=1.51.0|=1.52.0|=1.53.0|=1.54.0|=1.54.1|=1.55.0|=1.56.0|=1.57.0|=1.58.1|=1.58.2|=1.58.3|=1.59.0|=1.59.1|=1.6.1|=1.6.10|=1.6.2|=1.6.3|=1.6.4|=1.6.5|=1.6.6|=1.6.7|=1.6.8|=1.6.9|=1.60.1|=1.60.2|=1.61.0|=1.61.1|=1.7.0|=1.7.1|=1.7.10|=1.7.11|=1.7.12|=1.7.13|=1.7.14|=1.7.15|=1.7.2|=1.7.3|=1.7.4|=1.7.5|=1.7.6|=1.7.7|=1.7.8|=1.7.9|=1.8.0|=1.8.1|=1.8.10|=1.8.11|=1.8.12|=1.8.13|=1.8.14|=1.8.15|=1.8.16|=1.8.17|=1.8.18|=1.8.19|=1.8.3|=1.8.4|=1.8.6|=1.8.7|=1.8.8|=1.8.9|=1.9.0|=1.9.1|=1.9.2|=2.0.0|=2.1.0|=2.1.2|=2.10.0|=2.11.0|=2.12.0|=2.12.1|=2.12.2|=2.12.3|=2.13.0|=2.14.0|=2.14.1|=2.15.0|=2.15.2|=2.16.0|=2.2.0|=2.3.0|=2.4.0|=2.5.1|=2.6.0|=2.7.1|=2.8.0|=2.8.1|=2.9.0|=2.9.1|=3.0.0|=3.1.0|=3.1.6|=3.1.7|=3.10.0|=3.11.0|=3.12.0|=3.13.0|=3.13.1|=3.14.0|=3.14.1|=3.15.0|=3.15.1|=3.2.0|=3.3.0|=3.4.0|=3.5.0|=3.6.0|=3.7.0|=3.8.0|=3.8.1|=3.9.0|=3.16.0|=3.16.1|=3.17.0|=3.18.0|=3.18.1|=3.18.2","fixed_version":"32bd6fb4a63de779ff1e51823a456865ea3cbd13","source":"osv","published_at":"2024-06-06T19:16:00Z","in_kev":false,"epss_prob":0.91304,"epss_percentile":0.99662,"threat_tier":"likely_exploited"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"3.22.0","total_count":177,"recent":["3.10.0","3.11.0","3.12.0","3.13.0","3.13.1","3.14.0","3.14.1","3.15.0","3.15.1","3.16.0","3.16.1","3.17.0","3.18.0","3.18.1","3.18.2","3.19.0","3.19.1","3.20.0","3.21.0","3.22.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_coun
t":1,"first_published":null,"last_published":"2026-04-01T13:17:38.874279Z","dependencies_count":141,"dependencies":["lz4<=2.2.1; python_version == \"2.7\"","lz4<=3.1.10; python_version == \"3.6\"","lz4; python_version > \"3.6\"","beautifulsoup4!=4.13.0b2; python_version > \"3.0\"","beautifulsoup4<=4.9.3; python_version == \"2.7\"","Brotli<=1.0.9; python_version == \"2.7\"","certifi<=2021.10.8; python_version == \"2.7\"","certifi; python_version > \"3.0\"","cycler; python_version > \"3.6\"","cycler<=0.11.0; python_version == \"3.6\"","cycler<=0.10.0; python_version == \"2.7\"","dash<=1.21.0; python_version == \"2.7\"","dash<=2.0.0; python_version == \"3.6\"","dash!=2.13.0; python_version == \"3.7\"","dash; python_version > \"3.7\"","dash-bootstrap-components==0.13.1; python_version == \"2.7\"","dash-bootstrap-components; python_version > \"3.0\"","dash_daq<=0.5.0; python_version == \"2.7\"","dataclasses<1; python_version == \"3.6\"","decorator<=4.4.2; python_version == \"2.7\"","et_xmlfile<=1.0.1; python_version < \"3.6\"","et_xmlfile; python_version >= \"3.6\"","Flask<=1.1.4; python_version < \"3.7\"","Flask<2.3; python_version == \"3.7\"","Flask; python_version >= \"3.8\"","Flask-Compress<=1.15; python_version <= \"3.8\"","Flask-Compress; python_version > \"3.8\"","future>=0.14.0","immutables<=0.19; python_version == \"3.6\"","itsdangerous<=1.1.0; python_version < \"3.7\"","itsdangerous<=2.1.2; python_version == \"3.7\"","itsdangerous; python_version >= \"3.8\"","joblib<=1.1.1; python_version == \"3.6\"","joblib<=1.3.2; python_version == \"3.7\"","kaleido<=0.2.1; python_version <= \"3.8\"","kaleido; python_version >= \"3.9\"","kiwisolver<=1.1.0; python_version < \"3.6\"","kiwisolver<=1.2.0; python_version == \"3.6\"","kiwisolver<=1.4.5; python_version == \"3.7\"","MarkupSafe<=1.1.1; python_version == \"2.7\"","MarkupSafe<=2.0.1; python_version == \"3.6\"","MarkupSafe<=2.1.5; python_version == \"3.7\"","MarkupSafe<=2.1.5; python_version == 
\"3.8\"","matplotlib<=2.2.5; python_version == \"2.7\"","arctic<=1.79.4; extra == \"arctic\"","matplotlib<=3.3.4; python_version == \"3.6\"","matplotlib<=3.5.3; python_version == \"3.7\"","matplotlib<=3.7.2; python_version == \"3.8\"","matplotlib<=3.9.4; python_version == \"3.9\"","matplotlib; python_version >= \"3.10\"","missingno","networkx<=2.2; python_version <= \"3.4\"","networkx<=2.4; python_version == \"3.5\"","networkx<=2.5.1; python_version == \"3.6\"","networkx<=2.6.3; python_version == \"3.7\"","networkx<=3.1; python_version == \"3.8\"","networkx<=3.2.1; python_version == \"3.9\"","networkx<=3.4.2; python_version == \"3.10\"","networkx; python_version >= \"3.11\"","numpy<=1.16.6; python_version < \"3.0\"","numpy; python_version >= \"3.0\"","openpyxl<=2.6.4; python_version < \"3.0\"","openpyxl!=3.2.0b1; python_version >= \"3.0\"","packaging","pandas","pkginfo","plotly<=4.14.3; python_version < \"3.6\"","plotly; python_version >= \"3.6\"","pyparsing<=2.4.7; python_version == \"2.7\"","requests; python_version >= \"3.8\"","requests<=2.31.0; python_version == \"3.7\"","requests<=2.27.1; python_version <= \"3.6\"","scikit-learn<=0.20.4; python_version < \"3.0\"","scikit-learn<=0.24.2; python_version == \"3.6\"","scikit-learn<=1.0.2; python_version == \"3.7\"","scikit-learn<=1.3.2; python_version == \"3.8\"","scikit-learn<=1.6.1; python_version == \"3.9\"","scikit-learn; python_version >= \"3.10\"","scipy<=1.2.3; python_version == \"2.7\"","scipy<=1.5.4; python_version == \"3.0\"","scipy<=1.5.4; python_version == \"3.1\"","scipy<=1.5.4; python_version == \"3.2\"","scipy<=1.5.4; python_version == \"3.3\"","scipy<=1.5.4; python_version == \"3.4\"","scipy<=1.5.4; python_version == \"3.5\"","scipy<=1.5.4; python_version == \"3.6\"","scipy<=1.7.3; python_version == \"3.7\"","scipy<=1.10.1; python_version == \"3.8\"","scipy<=1.13.1; python_version == \"3.9\"","scipy; python_version >= \"3.10\"","seaborn<=0.9.1; python_version < \"3.6\"","seaborn<=0.11.2; 
python_version == \"3.6\"","seaborn<=0.12.2; python_version == \"3.7\"","seaborn; python_version > \"3.7\"","squarify","statsmodels<=0.10.2; python_version == \"2.7\"","statsmodels<=0.12.2; python_version == \"3.0\"","statsmodels<=0.12.2; python_version == \"3.1\"","statsmodels<=0.12.2; python_version == \"3.2\"","statsmodels<=0.12.2; python_version == \"3.3\"","statsmodels<=0.12.2; python_version == \"3.4\"","statsmodels<=0.12.2; python_version == \"3.5\"","statsmodels<=0.12.2; python_version == \"3.6\"","statsmodels<=0.12.2; python_version == \"3.7\"","statsmodels<=0.14.1; python_version == \"3.8\"","statsmodels; python_version > \"3.8\"","strsimpy","six","tenacity<=7.0.0; python_version == \"3.6\"","threadpoolctl<=3.1.0; python_version == \"3.6\"","threadpoolctl<=3.1.0; python_version == \"3.7\"","urllib3<=2.0.7; python_version == \"3.7\"","werkzeug<=1.0.1; python_version <= \"3.6\"","werkzeug==2.2.3; python_version == \"3.7\"","werkzeug; python_version > \"3.7\"","xarray<=0.11.3; python_version < \"3.0\"","xarray; python_version >= \"3.0\"","xlrd","zipp<=3.15.0; python_version == \"3.6\"","zstandard<=0.20.0; python_version == \"3.6\"","zstandard<=0.21.0; python_version == \"3.7\"","zstandard<=0.14.0; python_version == \"2.7\"","arcticdb; extra == \"arcticdb\"","ParmEd==3.4.3; python_version == \"3.6\" and extra == \"dash-bio\"","dash-bio; python_version > \"3.0\" and extra == \"dash-bio\"","dash-bio==0.7.1; python_version == \"2.7\" and extra == \"dash-bio\"","flask-ngrok; python_version > \"3.0\" and extra == \"ngrok\"","rpy2; python_version > \"3.0\" and extra == \"r\"","redis; extra == \"redis\"","redislite; extra == \"redis\"","streamlit; extra == \"streamlit\"","swifter; extra == \"swifter\"","importlib-metadata<=3.7.3; python_version <= \"3.6\" and extra == \"tests\"","importlib-metadata; python_version != \"3.6\" and extra == \"tests\"","ipython<8.0.0; extra == \"tests\"","mock; extra == \"tests\"","nbconvert; extra == \"tests\"","pytest; extra == 
\"tests\"","pytest-cov; extra == \"tests\"","pytest-server-fixtures<=1.7.0; python_version == \"2.7\" and extra == \"tests\"","pytest-server-fixtures; python_version >= \"3.6\" and extra == \"tests\""]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerability"],"use_version":"3.22.0","version_hint":"Update to a release that contains fix commit 32bd6fb4a63de779ff1e51823a456865ea3cbd13 to fix known vulnerabilities","summary":"dtale has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":846,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":29,"avg_days_between_releases":null,"release_velocity":"active"}}