Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-g39v-cvjh-8fpf
  • PyPI/ha-mcp
 Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/ 14 May
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pf93-j98v-25pv
  • PyPI/ha-mcp
 ha-mcp has XSS via Unescaped HTML in OAuth Consent Form 12 Mar
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-fmfg-9g7c-3vq7
  • PyPI/ha-mcp
 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle 12 Mar
  • Fix available
  • Severity - 5.3 (Medium)