How severe is GHSA-m7j5-rq9j-6jj9?

GHSA-m7j5-rq9j-6jj9 has a CVSS score of 6.1/10, rated MEDIUM. Review your exposure and patch according to your risk tolerance.

Which packages are affected by GHSA-m7j5-rq9j-6jj9?

GHSA-m7j5-rq9j-6jj9 affects the following packages: nicegui (PyPI). Ecosystems affected: PyPI.

How do I fix GHSA-m7j5-rq9j-6jj9?

Update nicegui to 3.5.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m7j5-rq9j-6jj9 is resolved across your whole dependency graph.

How do I detect GHSA-m7j5-rq9j-6jj9 in my PyPI dependencies?

Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for nicegui. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

How do I mitigate GHSA-m7j5-rq9j-6jj9 if there is no patch (or I can't update yet)?

If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

How does O3 Security protect against GHSA-m7j5-rq9j-6jj9?

O3 pinpoints whether GHSA-m7j5-rq9j-6jj9 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Is GHSA-m7j5-rq9j-6jj9 actively exploited in the wild?

No public exploit code has been indexed for GHSA-m7j5-rq9j-6jj9 yet. This does not mean the vulnerability cannot be exploited — absence of public exploits does not imply safety. Apply the recommended fix and use O3 Security to monitor your exposure.

What is the EPSS score for GHSA-m7j5-rq9j-6jj9?

GHSA-m7j5-rq9j-6jj9 has an EPSS (Exploit Prediction Scoring System) score of 0.2%, placing it in the 15th percentile of all CVEs. EPSS is maintained by FIRST.org and estimates the probability that a vulnerability will be exploited in the wild within the next 30 days. This score indicates relatively lower exploitation probability, though the CVSS severity should still guide your patching priority.

When was GHSA-m7j5-rq9j-6jj9 published, and has it been updated?

GHSA-m7j5-rq9j-6jj9 was published on January 8, 2026 and was last updated on February 3, 2026. Advisory data evolves as severity scores, affected ranges, and exploit intelligence are revised — always check the latest version of the advisory before acting.

🐍 PyPI

GHSA-m7j5-rq9j-6jj9

MEDIUM

NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

Also known asCVE-2026-21872

Published

Jan 8, 2026

Updated

Feb 3, 2026

Affected

1 pkg

Patched

1 / 1

Exploits

None indexed

EPSS Exploitation Probability

via FIRST.org ↗

0.2%probability of exploitation in next 30 days

Lower Risk15th percentile+0.22%

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

1 pkg affected

🐍nicegui

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.

Description

Summary

An unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link.

Details

On click, eventually sub_pages_navigate event is emitted. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L41-L63
SubPagesRouter (used by ui.sub_pages), lisnening on sub_pages_navigate, _handle_navigate runs. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/sub_pages_router.py#L18-L22
_handle_navigate runs run_javascript with f-string substituting self.current_path which is simply surrounded by double-quotes. The string context can be broken out easily.

https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/sub_pages_router.py#L73-L88

PoC

The minimal PoC boils down to this:

from nicegui import ui

ui.sub_pages({'/': lambda: ui.link('Go to XSS', '/"+alert(1)+"')})

ui.run()

However, it is more likely that the attack takes place with attacker-controlled input, for which this shows it:

from nicegui import app, ui

ui.sub_pages({'/': lambda: ui.label('Hello, World!')})

ui.textarea('Markdown content').bind_value(app.storage.general, 'markdown_content')

ui.markdown().bind_content_from(app.storage.general, 'markdown_content')

ui.run()

Vulnerable input is [XSS LINK](/"+alert(document.domain)+") (causes double payload execution, though)

Both cases require someone to click on the link.

Impact

Any page which uses ui.sub_pages and renders arbitrary links on screen (common case of ui.markdown) is affected.

The impact is low since a click is always required from the user, who can on-hover to discover the sketchy content of the link and stop if well-trained.

Appendix

AI is used safely to judge the CVSS scoring (input is not even provided, just the impact statement).

Please find the results in https://poe.com/s/y5DvyqgtszDGLUuHin1O

Scoring update after manual review

Scope Changed is more inline with other posted XSS vulnerabilities
Availability None: No DDoS is possible with this. Site remains performant as ever.

Affected Packages

1 total 1 fixed

Ecosystem	Package	Vulnerable range	Fix
🐍PyPI	`nicegui`	≥ 2.22.0&&< 3.5.0	3.5.0

Detection & mitigation playbook

Open-source dependency

Detect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for nicegui. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update nicegui to 3.5.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m7j5-rq9j-6jj9 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-m7j5-rq9j-6jj9 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-m7j5-rq9j-6jj9. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary An unsafe implementation in the `click` event listener used by `ui.sub_pages`, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. ### Details 1. On `click`, eventually `sub_pages_navigate` event is emitted. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L41-L63 2. SubPagesRouter (used by ui.sub_pages), lisnening on `sub_pages_navigate`, `_handle_navigate` runs. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/

O3 Security · Impact-Aware SCA

Is GHSA-m7j5-rq9j-6jj9 in your dependencies?

O3 detects GHSA-m7j5-rq9j-6jj9 across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works