VDB
KO
HIGH 7.8

PYSEC-2026-2060

ydata cross-site scripting

Details

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ydata-profiling
Introduced in: 3.7.0

No fixed version published yet for ydata-profiling (pip). Pin to a known-safe version or switch to an alternative.

References