dtale
pypi · v3.22.0 · Web Client for Visualizing Pandas Objects
License LGPL · 177 versions · 1 maintainer · 141 deps · 13,181 weekly dl
man-group/dtale
Health: 72 / 100
dtale has critical vulnerabilities — do not use
Update to >= 32bd6fb4a63de779ff1e51823a456865ea3cbd13 to fix known vulnerabilities
- 1 critical vulnerability
Health breakdown (0 – 100)
| Category | Score |
|---|---|
| maintenance | 25/25 |
| popularity | 10/20 |
| security | 15/25 |
| maturity | 15/15 |
| community | 7/15 |
Vulnerabilities: 1 (1 critical)
Advisories (1)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| critical | CVE-2024-3408 | man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, | 32bd6fb4a63de779ff1e51823a456865ea3cbd13 |
Threat intelligence
1 likely exploited (EPSS ≥ 0.5)
Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.
Dependencies (141)
lz4, beautifulsoup4, Brotli, certifi, cycler, dash, dash-bootstrap-components, dash_daq, dataclasses, decorator, et_xmlfile, Flask, Flask-Compress, future, immutables, itsdangerous, joblib, kaleido, kiwisolver, MarkupSafe, matplotlib, arctic, missingno, networkx, numpy
API access
Get this data programmatically — free, no authentication.
`curl https://depscope.dev/api/check/pypi/dtale`
Last updated · 2026-04-01T13:17:38.874279Z