Python
CVE-2026-33140
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
PySpector versions <= 0.1.6 are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to eval() ), the flagged code snippet is interpolated into the HTML report without sanitization. Opening the generated report in a browser causes the embedded JavaScript to execute in the browser's local file context.
Impact
An attacker can craft a malicious Python file (for example, hosted in a public repository), designed to be scanned by PySpector. When a victim scans this file and opens the resulting HTML report, arbitrary JavaScript executes in their browser. While the file:// context limits the attacker's ability to exfiltrate cookies or make credentialed requests, the following is still achievable:
- Arbitrary DOM manipulation
- Redirects to attacker-controlled pages
- Theft of locally accessible data via
fetch()orXMLHttpRequesttofile://paths (browser-dependent)
Any user of PySpector who scans untrusted code and generates HTML reports, is potentially affected.
PoC
The following steps reproduce the vulnerability on PySpector <= 0.1.6:
- Create a malicious Python file containing a JavaScript payload embedded in a string argument to
eval(), and run PySpector against the file, generating an HTML report:
<img width="871" height="752" alt="image" src="https://github.com/user-attachments/assets/1b0a57f2-3632-4347-a9b7-6a94dc2e82b2" />
- Open the generated HTML report in any browser:
<img width="1920" height="920" alt="image" src="https://github.com/user-attachments/assets/a4075c4a-6153-41b4-ad77-81d009d7a9f8" />
AnalysisAI
PySpector versions 0.1.6 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator that fails to sanitize JavaScript payloads embedded within scanned Python code. When a victim scans a malicious Python file crafted by an attacker and opens the resulting HTML report in a browser, the embedded JavaScript executes in the local file context, potentially enabling DOM manipulation, page redirects, and theft of locally accessible data. A proof-of-concept demonstrating the vulnerability has been publicly disclosed.
Technical ContextAI
PySpector is a Python code analysis tool that generates HTML reports from static analysis results. The vulnerability exists in the HTML report generation component where code snippets flagged during scanning are interpolated directly into the HTML output without proper encoding or sanitization. The affected product is identified by CPE pkg:pip/pyspector. The root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a classic reflected and stored XSS weakness. When PySpector processes a Python file containing JavaScript code within string literals (particularly within eval() arguments), the flagged snippet is embedded into the HTML report. Modern browsers parse and execute this JavaScript when the report is opened, even in the file:// context, because the HTML lacks proper output encoding mechanisms such as HTML entity encoding or Content Security Policy headers.
RemediationAI
Upgrade PySpector to a version later than 0.1.6 as soon as a patched release becomes available; verify the patch at the vendor advisory https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-2gmv-2r3v-jxj2. As an interim mitigation, avoid scanning untrusted or adversarially-crafted Python files with PySpector, restrict the generation of HTML reports to trusted code only, and consider opening generated reports only in restricted browser contexts or sandboxed environments. For organizations using PySpector in automated CI/CD pipelines, disable HTML report generation or implement manual review gates for reports generated from third-party or public repositories until patching is complete.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-2gmv-2r3v-jxj2