Search criteria
3 vulnerabilities by simonw
CVE-2025-64481 (GCVE-0-2025-64481)
Vulnerability from cvelistv5 – Published: 2025-11-07 20:35 – Updated: 2025-11-13 14:23
VLAI?
Title
Open redirect endpoint in Datasette
Summary
Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:23:07.211122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:23:19.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datasette",
"vendor": "simonw",
"versions": [
{
"status": "affected",
"version": "\u003c 0.65.2"
},
{
"status": "affected",
"version": "\u003e= 1.0a0, \u003c 1.0a20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T20:35:39.827Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m"
},
{
"name": "https://github.com/simonw/datasette/issues/2429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simonw/datasette/issues/2429"
},
{
"name": "https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05"
}
],
"source": {
"advisory": "GHSA-w832-gg5g-x44m",
"discovery": "UNKNOWN"
},
"title": "Open redirect endpoint in Datasette"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64481",
"datePublished": "2025-11-07T20:35:39.827Z",
"dateReserved": "2025-11-05T19:12:25.101Z",
"dateUpdated": "2025-11-13T14:23:19.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40570 (GCVE-0-2023-40570)
Vulnerability from cvelistv5 – Published: 2023-08-25 00:18 – Updated: 2024-10-02 17:46
VLAI?
Title
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Summary
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.
Severity ?
5.3 (Medium)
CWE
- CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq"
},
{
"name": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T17:46:44.653326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T17:46:58.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "datasette",
"vendor": "simonw",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0a0, \u003c 1.0a4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213: Exposure of Sensitive Information Due to Incompatible Policies",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T00:18:09.134Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-7ch3-7pp7-7cpq"
},
{
"name": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simonw/datasette/commit/01e0558825b8f7ec17d3b691aa072daf122fcc74"
}
],
"source": {
"advisory": "GHSA-7ch3-7pp7-7cpq",
"discovery": "UNKNOWN"
},
"title": "Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40570",
"datePublished": "2023-08-25T00:18:09.134Z",
"dateReserved": "2023-08-16T18:24:02.389Z",
"dateUpdated": "2024-10-02T17:46:58.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32670 (GCVE-0-2021-32670)
Vulnerability from cvelistv5 – Published: 2021-06-07 21:20 – Updated: 2024-08-03 23:25
VLAI?
Title
Reflected cross-site scripting issue in Datasette
Summary
Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `&_trace=` in their query string parameters.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simonw/datasette/issues/1360"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://datasette.io/plugins/datasette-auth-passwords"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pypi.org/project/datasette/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "datasette",
"vendor": "simonw",
"versions": [
{
"status": "affected",
"version": "\u003c 0.56.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `\u0026_trace=` in their query string parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T21:20:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simonw/datasette/issues/1360"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://datasette.io/plugins/datasette-auth-passwords"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pypi.org/project/datasette/"
}
],
"source": {
"advisory": "GHSA-xw7c-jx9m-xh5g",
"discovery": "UNKNOWN"
},
"title": "Reflected cross-site scripting issue in Datasette",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32670",
"STATE": "PUBLIC",
"TITLE": "Reflected cross-site scripting issue in Datasette"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "datasette",
"version": {
"version_data": [
{
"version_value": "\u003c 0.56.1"
}
]
}
}
]
},
"vendor_name": "simonw"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datasette is an open source multi-tool for exploring and publishing data. The `?_trace=1` debugging feature in Datasette does not correctly escape generated HTML, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as [datasette-auth-passwords](https://datasette.io/plugins/datasette-auth-passwords) as an attacker could use the vulnerability to access protected data. Datasette 0.57 and 0.56.1 both include patches for this issue. If you run Datasette behind a proxy you can workaround this issue by rejecting any incoming requests with `?_trace=` or `\u0026_trace=` in their query string parameters."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g",
"refsource": "CONFIRM",
"url": "https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g"
},
{
"name": "https://github.com/simonw/datasette/issues/1360",
"refsource": "MISC",
"url": "https://github.com/simonw/datasette/issues/1360"
},
{
"name": "https://datasette.io/plugins/datasette-auth-passwords",
"refsource": "MISC",
"url": "https://datasette.io/plugins/datasette-auth-passwords"
},
{
"name": "https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks"
},
{
"name": "https://pypi.org/project/datasette/",
"refsource": "MISC",
"url": "https://pypi.org/project/datasette/"
}
]
},
"source": {
"advisory": "GHSA-xw7c-jx9m-xh5g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32670",
"datePublished": "2021-06-07T21:20:13",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}