nautobot (pypi) security advisories

UNKNOWN

PyPI

CVE-2024-36112

May 28, 2024

MEDIUM 6.3

PyPI

CVE-2024-36112

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

May 29, 2024

HIGH 7.1

PyPI

CVE-2025-49142

Jun 10, 2025

UNKNOWN

PyPI

CVE-2025-49142

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Jun 10, 2025

LOW 3.5

PyPI

CVE-2023-51649

Nautobot missing object-level permissions enforcement when running Job Buttons

Dec 22, 2023

HIGH 8.5

PyPI

CVE-2026-44797

Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

May 13, 2026

HIGH 7.1

PyPI

CVE-2026-44798

Nautobot: GitRepository.current_head field should not be writable through REST API

May 13, 2026

MEDIUM 6.5

PyPI

CVE-2026-44796

Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)

May 13, 2026

MEDIUM 5.4

PyPI

CVE-2026-44794

Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

May 13, 2026

MEDIUM 5.3

PyPI

CVE-2023-50263

Dec 12, 2023

MEDIUM 4.3

PyPI

CVE-2023-51649

Dec 22, 2023

LOW 2.7

PyPI

CVE-2026-34203

Nautobot: Management of users via REST API does not apply configured password validators

Mar 31, 2026

UNKNOWN

PyPI

CVE-2025-49143

Nautobot may allows uploaded media files to be accessible without authentication

Jun 10, 2025

HIGH 7.1

PyPI

CVE-2024-23345

XSS potential in rendered Markdown fields (comments, description, notes, etc.)

Jan 23, 2024

HIGH 7.1

PyPI

CVE-2023-48705

Cross-site Scripting potential in custom links, job buttons, and computed fields

Nov 22, 2023

LOW 3.7

PyPI

CVE-2023-50263

Unauthenticated db-file-storage views

Dec 13, 2023

MEDIUM 5.4

PyPI

CVE-2023-48705

Nov 22, 2023

HIGH 7.7

PyPI

CVE-2023-46128

Nautobot vulnerable to exposure of hashed user passwords via REST API

Oct 24, 2023

HIGH 7.5

PyPI

CVE-2023-25657

Nautobot vulnerable to remote code execution via Jinja2 template rendering

Feb 22, 2023

HIGH 7.5

PyPI

CVE-2024-34707

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

May 13, 2024

HIGH 7.5

PyPI

CVE-2024-32979

nautobot has reflected Cross-site Scripting potential in all object list views

May 1, 2024

LOW 3.7

PyPI

CVE-2024-29199

Unauthenticated views may expose information to anonymous users

Mar 26, 2024

MEDIUM 5.4

PyPI

CVE-2024-23345

Jan 23, 2024

MEDIUM 6.5

PyPI

CVE-2023-46128

Oct 25, 2023

UNKNOWN

PyPI

CVE-2023-25657

Feb 21, 2023

nautobot

Vulnerabilities

CVE-2024-36112

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

CVE-2025-49142

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Nautobot missing object-level permissions enforcement when running Job Buttons

Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot: GitRepository.current_head field should not be writable through REST API

Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)

Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

CVE-2023-50263

CVE-2023-51649

Nautobot: Management of users via REST API does not apply configured password validators

Nautobot may allows uploaded media files to be accessible without authentication

XSS potential in rendered Markdown fields (comments, description, notes, etc.)

Cross-site Scripting potential in custom links, job buttons, and computed fields

Unauthenticated db-file-storage views

CVE-2023-48705

Nautobot vulnerable to exposure of hashed user passwords via REST API

Nautobot vulnerable to remote code execution via Jinja2 template rendering

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

nautobot has reflected Cross-site Scripting potential in all object list views

Unauthenticated views may expose information to anonymous users

CVE-2024-23345

CVE-2023-46128

CVE-2023-25657

Start Securing