Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-4h3h-63v6-88qx
  • PyPI/esphome
ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
21 Jan
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-mxh2-ccgj-8635
  • PyPI/esphome
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
02 Sep 2025
  • Fix available
  • Severity - 8.1 (High)
GHSA-5925-88xh-6h99
  • PyPI/esphome
ESPHome vulnerable to Authentication bypass via Cross site request forgery
21 Mar 2024
  • Fix available
  • Severity - 8.1 (High)
GHSA-9p43-hj5j-96h5
  • PyPI/esphome
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
06 Mar 2024
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-8p25-3q46-8q2p
  • PyPI/esphome
ESPHome vulnerable to remote code execution via arbitrary file write
01 Mar 2024
  • Fix available
  • Severity - 7.2 (High)
GHSA-48mj-p7x2-5jfm
  • PyPI/esphome
Basic auth bypass in esphome
29 Sep 2021
  • Fix available
  • Severity - 8.7 (High)
PYSEC-2021-351
  • PyPI/esphome
  • github.com/esphome/esphome
See record for full details
28 Sep 2021
  • Fix available