Is dtale safe to use?

dtale has 1 known vulnerabilities on the latest version (3.22.0). DepScope rates its health at 63/100 (moderate risk).

What is the latest version of dtale?

The latest version of dtale is 3.22.0, released 2026-04-01.

Yes. dtale has 1 known vulnerabilities. See depscope.dev/pkg/conda/dtale for details.

No, dtale is actively maintained. Latest release: 3.22.0 (2026-04-01).

DepScope has no curated alternatives for dtale at this time.

dtale is licensed under LGPL-2.1-only.

condav3.22.0

D-Tale is the combination of a Flask back-end and a React front-end to bring you an easy way to view & analyze Pandas data structures

License LGPL-2.1-only160 versions1 maintainers0 deps1,761 weekly dl

/ 100

Health

do not use

dtale has critical vulnerabilities — do not use

Update to >= 32bd6fb4a63de779ff1e51823a456865ea3cbd13 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

6/20

popularity

15/25

security

15/15

maturity

2/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2024-3408	man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint,	32bd6fb4a63de779ff1e51823a456865ea3cbd13

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/dtale

First published · 2020-05-31 14:48:59.449000+00:00

Last updated · 2026-04-01 13:43:46.846000+00:00