HIGH 7.8
PYSEC-2026-2060
ydata cross-site scripting
Details
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / ydata-profiling
Introduced in:
3.7.0 No fixed version published yet for ydata-profiling (pip). Pin to a known-safe version or switch to an alternative.