pkg:RubyGems/openc3

8 total CVEsCRITICAL2HIGH1MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2025-68271openc3-api Vulnerable to Unauthenticated Remote Code Execution
    >= 5.0.6, < 6.10.2
  • CRITICAL9.6CVE-2026-42087OpenC3 COSMOS has SQL Injection in QuestDB Time-Series Database
    >= 6.7.0, < 7.0.0-rc3
  • HIGH8.1CVE-2026-42084OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence
    from 0, < 6.10.5
  • MEDIUM6.5CVE-2024-46977OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
    from 0, < 5.19.0
  • MEDIUM6.1CVE-2024-43795OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
    from 0, < 5.19.0
  • MEDIUM5.9CVE-2024-47529OpenC3 stores passwords in clear text (`GHSL-2024-129`)
    from 0, < 5.19.0
  • MEDIUM4.6CVE-2026-42086OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
    from 0, < 7.0.0
  • MEDIUM4.3CVE-2026-42085OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
    from 0, < 6.10.5