Streamlit Vendor Cyber Rating & Cyber Score

streamlit.io

Streamlit is an open-source Python framework for data scientists and AI/ML engineers to deliver dynamic data apps in only a few lines of code.


Streamlit A.I CyberSecurity Scoring

Company Information
Website: http://streamlit.io
Number of employees: 35
Number of followers: 102,271
NAICS: 5112
Industry Type: Software Development
Homepage: streamlit.io

Streamlit Risk Score (AI oriented)
Between 700 and 749
Updated: 02/04/2026
730/1000, Moderate, Ba
Powered by our proprietary A.I cyber incident model
Insurers prefer the TPRM score for calculating premiums.
Streamlit Global Score (TPRM)
Score locked

Current Score: 730 Ba (MODERATE)
2 incidents
-12 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 732 (Before Incident)
MAY 2026: 731 (Before Incident)
APRIL 2026: 730 (Before Incident)
MARCH 2026: 750 (Before Incident)

Cyber Attack
17 Mar 2026, Streamlit
GitHub, Streamlit and Python Package Index: Ongoing Python Package Attack Uses Stolen GitHub Tokens

GlassWorm Malware Campaign Exploits Stolen GitHub Tokens to Infect Python Repositories

729 (After Incident)
CRITICAL (-21)
STRGITTHE1773750273

Security researchers at StepSecurity have uncovered an active malware campaign, dubbed GlassWorm, which is leveraging stolen GitHub tokens to inject malicious code into a wide range of Python repositories. The attack targets core project files, including setup.py, main.py, and app.py, across multiple Python ecosystems, such as Django applications, machine learning research code, Streamlit dashboards, and packages on the Python Package Index (PyPI).

The campaign employs obfuscation techniques to evade detection, making it difficult for developers and security teams to identify compromised code. Once executed, the injected payload can enable remote access, facilitate data exfiltration, or further propagate the infection within connected networks and systems. Given Python's widespread use in web development, data analytics, and scientific research, the attack poses significant risks to the integrity and security of applications built on these repositories.

The primary entry point, stolen GitHub tokens, highlights the growing threat of supply chain attacks, where attackers exploit weak authentication controls to compromise trusted codebases. StepSecurity has confirmed the campaign's ongoing activity, emphasizing the need for heightened vigilance in token management and code review processes to mitigate further exposure.

INCIDENT DETAILS
TYPE
Malware Campaign
IMPACT
Data Compromised: Malicious code injection enabling remote access and data exfiltration
Systems Affected: Python repositories (Django applications, machine learning research code, Streamlit dashboards, PyPI packages)
Operational Impact: Potential compromise of application integrity and security
DATA BREACH
Type Of Data Compromised: Source code, potential sensitive data via remote access
Data Exfiltration: Possible
setup.py, main.py, app.py

FEBRUARY 2026: 750 (Before Incident)
JANUARY 2026: 750 (Before Incident)
DECEMBER 2025: 750 (Before Incident)
NOVEMBER 2025: 750 (Before Incident)
OCTOBER 2025: 750 (Before Incident)
SEPTEMBER 2025: 750 (Before Incident)
AUGUST 2025: 752 (Before Incident)

Vulnerability
05 Aug 2025, Streamlit

Streamlit Vulnerability Enabling Cloud Account Takeover Attacks

749 (After Incident)
CRITICAL (-3)
STR222080925

A critical vulnerability in Streamlit's st.file_uploader component allowed attackers to bypass file type restrictions and gain unauthorized access to cloud instances running Streamlit applications. This flaw enabled cloud account takeovers, financial data tampering, and potential manipulation of stock market dashboards, leading to cascading effects such as automated trading system responses to false signals and investor decisions based on fraudulent trends. The vulnerability was patched in version 1.43.2, but the exposure posed significant risks to financial institutions and other organizations relying on Streamlit for data applications.

INCIDENT DETAILS
TYPE
Cloud Account Takeover
IMPACT
Cloud instances running Streamlit applications
Operational Impact: Potential manipulation of financial data and automated trading systems

JULY 2025: 752 (Before Incident)

Frequently Asked Questions

What is the current A.I Rankiteo Cyber Score for Streamlit?
What was Streamlit's A.I Rankiteo Cyber Score in May 2026?
What was Streamlit's A.I Rankiteo Cyber Score in April 2026?
What was Streamlit's A.I Rankiteo Cyber Score in March 2026?
What was Streamlit's A.I Rankiteo Cyber Score in February 2026?
What was Streamlit's A.I Rankiteo Cyber Score in January 2026?
What was Streamlit's A.I Rankiteo Cyber Score in December 2025?
What was Streamlit's A.I Rankiteo Cyber Score in November 2025?
What was Streamlit's A.I Rankiteo Cyber Score in October 2025?
What was Streamlit's A.I Rankiteo Cyber Score in September 2025?
What was Streamlit's A.I Rankiteo Cyber Score in August 2025?
What was Streamlit's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Streamlit's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Streamlit?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Streamlit's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?