CVE-2025-64481: Open redirect endpoint in Datasette
Deployed instances of Datasette prior to 0.65.2 and 1.0a21 include an open redirect vulnerability.
Requests to the path //example.com/foo/bar/ (the trailing slash is required) redirect the user to https://example.com/foo/bar: the trailing-slash handler answers with Location: //example.com/foo/bar, which browsers treat as a protocol-relative URL pointing at an external host.
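To make the mechanism concrete, here is an added illustration (hypothetical code written for this page, not Datasette's own handler or its fix): a naive trailing-slash redirect that reproduces the off-site Location value, a hardened variant that keeps the target on the same origin, and a detector run over constructed access-log lines.

```python
"""Illustration of the CVE-2025-64481 open-redirect mechanism and a fix.

Simplified stand-in for a trailing-slash redirect handler (hypothetical,
not Datasette's code). Stripping the trailing slash from a request path
that begins with "//" yields "//host/path", which browsers treat as a
protocol-relative URL and follow to that host.
"""
import re
from typing import List, Optional
from urllib.parse import urlsplit


def vulnerable_redirect_target(path: str) -> Optional[str]:
    """Naive handler: send any path with a trailing slash to the same path
    without it. Returns the Location header value, or None (no redirect)."""
    if path.endswith("/") and path != "/":
        return path.rstrip("/")
    return None


def is_off_site(location: str) -> bool:
    """True if a Location value would leave the current origin. "//host/x"
    parses with a netloc, like "https://host/x"; a plain "/x" does not."""
    parts = urlsplit(location)
    return bool(parts.scheme) or bool(parts.netloc)


def safe_redirect_target(path: str) -> Optional[str]:
    """Hardened handler: collapse leading slashes and backslashes (some
    browsers normalise "\\" to "/") so the target is always a single-slash
    absolute path on this origin, then refuse anything that still looks
    off-site."""
    if not (path.endswith("/") and path != "/"):
        return None
    normalized = "/" + re.sub(r"^[/\\]+", "", path).rstrip("/")
    if is_off_site(normalized):
        return None  # never emit a redirect that leaves the site
    return normalized


# Constructed access-log lines (common log format) for the detector:
# one benign trailing-slash request, one shaped like the advisory's trigger.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:00:00:00 +0000] "GET /foo/bar/ HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Jan/2025:00:00:01 +0000] "GET //example.com/foo/bar/ HTTP/1.1" 302 0',
]
LOG_PATTERN = re.compile(r'"GET (//[^\s"]+/) HTTP')


def find_open_redirect_probes(log_lines: List[str]) -> List[str]:
    """Detection: request paths that start with "//" and end with "/"."""
    return [m.group(1) for line in log_lines if (m := LOG_PATTERN.search(line))]
```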
References
- github.com/advisories/GHSA-w832-gg5g-x44m
- github.com/pypa/advisory-database/tree/main/vulns/datasette/PYSEC-2025-73.yaml
- github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05
- github.com/simonw/datasette/issues/2429
- github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m
- nvd.nist.gov/vuln/detail/CVE-2025-64481