Skip to content

streamlit

Build & Package

Streamlit — A faster way to build and share data apps.

Track releases GitHub Website
Python Latest 1.58.0 · 6d ago Security brief →

Features

  • Turn Python scripts into interactive web apps in minutes
  • Live‑editing: app updates instantly as you edit the script
  • Rich UI elements (widgets, charts, dataframes, multi‑page layouts)
  • Free Community Cloud for easy deployment and sharing

Security Response History

1 CVE
CVE Severity Disclosed Patched (this tool) vs Ecosystem Median
CVE-2023-4863 KEV high
CVSS 8.8
 2023-09-13 2026-01-14 2y 4mo / median 2y 4mo

Recent releases

View all 7 releases →
Review required
1.58.0 Security relevant
Auth RBAC

Breaking removals + new features

patches CVE-2023-4863
Open
1.57.0 Breaking risk
Breaking changes
  • Starlette is now the default server; Tornado removed
  • Removed deprecated kwargs from st.plotly_chart and st.vega_lite_chart
  • Removed deprecated _get_websocket_headers function
Notable features
  • Expose st.App in st namespace
  • Expose st.bottom container
  • Add secrets parameter to st.App
Full changelog

What's Changed

Breaking Changes 🛠

  • [feature] Make Starlette the default server and remove Tornado by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14553
  • [chore] Remove deprecated kwargs from plotly_chart and vega_lite_chart by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14800
  • [chore] Remove deprecated _get_websocket_headers function by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14801
  • [feature] Direct polars to arrow conversion bypassing pandas by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14885

New Features 🎉

  • [feature] Hide chevron for menu-style icon labels for st.menu_button and st.popover by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14697
  • [feature] Add pills, segmented_control properties and dataframe key to AppTest by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14518
  • [feature] Add title parameter to alert elements by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14665
  • [feat] Add :shimmer[] markdown directive for animated loading text by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14055
  • [feature] Expose App in the st namespace by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14722
  • Bundle OSS developing-with-streamlit core skills in pip package by @sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/14745
  • [fix] Add border radius to video and map elements by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14781
  • [feature] Add secrets parameter to st.App by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14861
  • Add app and theme templates to bundled skills by @sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/14746
  • [feature] Expose st.bottom container by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14726

Bug Fixes 🐛

  • [feature] Deduplicate equivalent file extensions in file uploader display by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14552
  • [fix] st.dataframe crash with pandas 3 ArrowStringArray by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14611
  • fix(caching): chain original exception in UnserializableReturnValueError by @mango766 in https://github.com/streamlit/streamlit/pull/14655
  • [fix] inconsistent space encoding in query params by @sfc-gh-lwilby in https://github.com/streamlit/streamlit/pull/14691
  • [fix] Preserve None values in st.data_editor with pandas 3.0+ by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14694
  • [Fix] Add CSS Color Level 4 support by @mayagbarnes in https://github.com/streamlit/streamlit/pull/14674
  • [fix] Evict namespace children when watched sources reload by @sfc-gh-lwilby in https://github.com/streamlit/streamlit/pull/14708
  • [fix] Downcast large Arrow types in custom component v1 serialization by @sfc-gh-nbellante in https://github.com/streamlit/streamlit/pull/14617
  • [fix] Retain st.radio selection for format_func and custom options by @sfc-gh-lwilby in https://github.com/streamlit/streamlit/pull/14815
  • Fix bar_chart axis labels not swapping when horizontal=True by @kmcgrady in https://github.com/streamlit/streamlit/pull/14866
  • [fix] st.text_area height='content' sizing on initial load by @lukasmasuch in https://github.com/streamlit/streamlit/pull/14884

Other Changes

  • [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14576
  • [chore] Release v1.56.0 by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14598
  • Docs for dataframe programmatic selections by @MathCatsAnd in https://github.com/streamlit/streamlit/pull/14616
  • [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14649
  • [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14752
  • [chore] Update emojis/material icons by @github-actions[bot] in https://github.com/streamlit/streamlit/pull/14869
  • Docs for audio and video columns by @MathCatsAnd in https://github.com/streamlit/streamlit/pull/14628

New Contributors

  • @dagecko made their first contribution in https://github.com/streamlit/streamlit/pull/14554
  • @mango766 made their first contribution in https://github.com/streamlit/streamlit/pull/14655
  • @sfc-gh-wschmitt made their first contribution in https://github.com/streamlit/streamlit/pull/14922

Full Changelog: https://github.com/streamlit/streamlit/compare/1.56.0...1.57.0

View release on GitHub
1.56.0 New feature
Notable features
  • New st.menu_button widget and st.iframe command
  • AudioColumn and VideoColumn for st.column_config
  • State persistence for tabs, expanders, and popovers
View release on GitHub
1.55.0 Breaking risk
Breaking changes
  • SnowparkConnection marked as deprecated
Security fixes
  • Prevent SSRF attacks via path traversal in component file handling
Notable features
  • Query parameter binding for multiple widgets
  • Dynamic containers with state persistence
  • OAuth and OIDC token improvements
View release on GitHub
1.54.0 Breaking risk
Breaking changes
  • Removed experimental query params
  • Removed deprecated st.experimental_user command
  • add_rows deprecation now shown in browser
Notable features
  • Use key as main identity for dataframe and vega chart selections
  • Dynamic parameter changes for date_input and datetime_input
  • Support for material icons and emojis in st.logo
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
44,798
Forks
4,256
Languages
Python TypeScript JavaScript
Downloads/week
997 ↑74%
NPM Maintainers
6
Contributors
329
TypeScript
Types included ✓
View on GitHub View on npm Homepage Documentation

Install & Platforms

Install via
pip

Community & Support

Community

Similar tools

StencilBox
ganymede
loops-server
Redash
Openmeetings

Beta — feedback welcome: [email protected]