Pypi/Bokeh | GitLab Advisory Database

Bokeh server applications have Incomplete Origin Validation in WebSockets

This vulnerability allows for Cross-Site WebSocket Hijacking (CSWSH) of a deployed Bokeh server instance.