CRITICAL 9.8 PyPI
GHSA-2679-6mx9-h9xc · CVE-2026-39987 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
Modified: 5/5/2026
package
PyPI / marimo
pkg:pypi/marimo
MEDIUM 6.1 PyPI
GHSA-8m59-7xv8-735h · CVE-2026-54386 marimo contains a reflected cross-site scripting vulnerability in the notebook page
Modified: 6/18/2026
MEDIUM PyPI
GHSA-xjv7-6w92-42r7 marimo vulnerable to proxy abuse of /mpl/{port}/
Modified: 11/20/2025