pkg:PyPI/nautobot

25 CVEs in total: HIGH 14, MEDIUM 4, LOW 6


All known vulnerabilities

  • HIGH 8.5 CVE-2026-44797 Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
    Affected: >= 3.0.0a2, < 3.1.2
  • HIGH 7.7 CVE-2023-46128 Nautobot vulnerable to exposure of hashed user passwords via REST API
    Affected: from 0, < 1ce8e5c658a075c29554d517cd453675e5d40d71 | >= 2.0.0, < 2.0.3
  • HIGH 7.7 CVE-2023-46128 Nautobot vulnerable to exposure of hashed user passwords via REST API
    Affected: >= 2.0.0, < 2.0.3
  • HIGH 7.5 CVE-2024-34707 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
    Affected: from 0, < 1.6.22
  • HIGH 7.5 CVE-2024-32979 Nautobot has reflected cross-site scripting potential in all object list views
    Affected: >= 1.5.0, < 1.6.20
  • HIGH 7.5 CVE-2023-25657 Nautobot vulnerable to remote code execution via Jinja2 template rendering
    Affected: from 0, < d47f157e83b0c353bb2b697f911882c71cf90ca0 | from 0, < 1.5.7
  • HIGH 7.5 CVE-2023-25657 Nautobot vulnerable to remote code execution via Jinja2 template rendering
    Affected: from 0, < 1.5.7
  • HIGH 7.1 CVE-2026-44798 Nautobot: GitRepository.current_head field should not be writable through REST API
    Affected: >= 3.0.0a2, < 3.1.2
  • HIGH 7.1 CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
    Affected: from 0, < 1.6.32, >= 2.0.0, < 2.4.10
  • HIGH 7.1 CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
    Affected: from 0, < 1.6.32
  • HIGH 7.1 CVE-2024-23345 XSS potential in rendered Markdown fields (comments, description, notes, etc.)
    Affected: >= 2.0.0, < 2.1.2
  • HIGH 7.1 CVE-2024-23345 XSS potential in rendered Markdown fields (comments, description, notes, etc.)
    Affected: from 0, < 17effcbe84a72150c82b138565c311bbee357e80, < 64312a4297b5ca49b6cdedf477e41e8e4fd61cce | >= 2.0.0, < 2.1.2, from 0, < 1.6.10
  • HIGH 7.1 CVE-2023-48705 Cross-site scripting potential in custom links, job buttons, and computed fields
    Affected: from 0, < 1.6.6
  • HIGH 7.1 CVE-2023-48705 Cross-site scripting potential in custom links, job buttons, and computed fields
    Affected: from 0, < 362850f5a94689a4c75e3188bf6de826c3b012b2, < 54abe23331b6c3d0d82bf1b028c679b1d200920d | >= 2.0.0, < 2.0.5, from 0, < 1.6.6
  • MEDIUM 6.5 CVE-2026-44796 Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (ReDoS)
    Affected: >= 3.0.0a2, < 3.1.2
  • MEDIUM 6.3 CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
    Affected: >= 1.3.0, < 1.6.23
  • MEDIUM 6.3 CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
    Affected: >= 2.0.0, < 2.3.0b1
  • MEDIUM 5.4 CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
    Affected: >= 3.0.0a2, < 3.1.2
  • LOW 3.7 CVE-2024-29199 Unauthenticated views may expose information to anonymous users
    Affected: from 0, < 1.6.16
  • LOW 3.7 CVE-2023-50263 Unauthenticated db-file-storage views
    Affected: >= 1.1.0, < 1.6.7
  • LOW 3.7 CVE-2023-50263 Unauthenticated db-file-storage views
    Affected: from 0, < 458280c359a4833a20da294eaf4b8d55edc91cee, < 7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee | >= 2.0.0, < 2.0.6, >= 1.1.0, < 1.6.7
  • LOW 3.5 CVE-2023-51649 Nautobot missing object-level permissions enforcement when running Job Buttons
    Affected: >= 2.0.0, < 2.1.0, >= 1.5.14, < 1.6.8
  • LOW 3.5 CVE-2023-51649 Nautobot missing object-level permissions enforcement when running Job Buttons
    Affected: >= 1.5.14, < 1.6.8
  • LOW 2.7 CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
    Affected: from 0, < 2.4.30
  • (unrated) CVE-2025-49143 Nautobot may allow uploaded media files to be accessible without authentication
    Affected: from 0, < 1.6.32