PyPi: Nicegui

CVE-2025-21618

Safety vulnerability ID: 75100

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 06, 2025 Updated at Mar 18, 2025

Scan your Python projects for vulnerabilities →

Advisory

A security vulnerability was discovered in the nicegui library. The vulnerability allowed browser storage, such as cookies, to be shared across clients when accessing the application via "On Air". This could lead to sensitive information leakage or unauthorized access to user-specific data. The vulnerability has been addressed by clearing the cookies after each request.

Affected package

nicegui

Latest version: 2.13.0

Create web-based user interfaces with Python. The nice way.

Affected versions

Fixed versions

Vulnerability changelog

Bugfixes

- Avoid browser storage being shared across clients when accessing via On Air ([GHSA-v6jv-p6r8-j78w](https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w) by streamcfd, rodja)
- Fix closing tag in `ui.editor` (4148 by Alyxion)

Documentation

- Only create subheading if we have class docs (4126 by rodja)

Dependency

- Bump mypy from 1.13.0 to 1.14.0 (4130 by dependabot)

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application