Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-xmpv-j7p2-j873
  • PyPI/nautobot
Nautobot: Management of users via REST API does not apply configured password validators 31 Mar
  • Fix available
  • Severity - 2.7 (Low)
GHSA-535g-62r7-cx6v
  • PyPI/nautobot-ssot
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL 21 Oct 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-rh67-4c8j-hjjh
  • PyPI/nautobot
Nautobot may allow uploaded media files to be accessible without authentication 10 Jun 2025
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-wjw6-95h5-4jpx
  • PyPI/nautobot
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating 10 Jun 2025
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-qmjf-wc2h-6x3q
  • PyPI/nautobot
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects 29 May 2024
  • Fix available
  • Severity - 6.3 (Medium)
PYSEC-2024-166
  • PyPI/nautobot
See record for full details 28 May 2024
  • Fix available
GHSA-r2hr-4v48-fjv3
  • PyPI/nautobot
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages 13 May 2024
  • Fix available
  • Severity - 7.5 (High)
GHSA-jxgr-gcj5-cqqg
  • PyPI/nautobot
nautobot has reflected Cross-site Scripting potential in all object list views 01 May 2024
  • Fix available
  • Severity - 7.5 (High)
GHSA-m732-wvh2-7cq4
  • PyPI/nautobot
Unauthenticated views may expose information to anonymous users 26 Mar 2024
  • Fix available
  • Severity - 3.7 (Low)
GHSA-v4xv-795h-rv4h
  • PyPI/nautobot
XSS potential in rendered Markdown fields (comments, description, notes, etc.) 23 Jan 2024
  • Fix available
  • Severity - 7.1 (High)
PYSEC-2024-16
  • PyPI/nautobot
  • github.com/nautobot/nautobot
See record for full details 23 Jan 2024
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-vf5m-xrhm-v999
  • PyPI/nautobot
Nautobot missing object-level permissions enforcement when running Job Buttons 22 Dec 2023
  • Fix available
  • Severity - 3.5 (Low)
PYSEC-2023-287
  • PyPI/nautobot
See record for full details 22 Dec 2023
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-75mc-3pjc-727q
  • PyPI/nautobot
Unauthenticated db-file-storage views 13 Dec 2023
  • Fix available
  • Severity - 3.7 (Low)
PYSEC-2023-286
  • PyPI/nautobot
  • github.com/nautobot/nautobot
See record for full details 12 Dec 2023
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cf9f-wmhp-v4pr
  • PyPI/nautobot
Cross-site Scripting potential in custom links, job buttons, and computed fields 22 Nov 2023
  • Fix available
  • Severity - 7.1 (High)