octoprint (pypi) security advisories

CRITICAL 9.4

PyPI

CVE-2024-32977

May 14, 2024

MEDIUM 4.0

PyPI

CVE-2024-28237

XSS via the "Snapshot Test" feature in Classic Webcam plugin settings

Mar 18, 2024

HIGH 7.1

PyPI

CVE-2024-32977

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

May 14, 2024

MEDIUM 4.8

PyPI

CVE-2024-28237

Mar 18, 2024

UNKNOWN

PyPI

CVE-2021-32561

May 11, 2021

UNKNOWN

PyPI

CVE-2021-32560

May 11, 2021

HIGH 7.8

PyPI

CVE-2022-2930

Aug 22, 2022

UNKNOWN

PyPI

CVE-2022-3068

Sep 21, 2022

UNKNOWN

PyPI

CVE-2022-2888

Sep 21, 2022

UNKNOWN

PyPI

CVE-2022-2872

Sep 21, 2022

UNKNOWN

PyPI

CVE-2022-3607

Oct 19, 2022

MEDIUM 5.9

PyPI

CVE-2026-23892

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Jan 27, 2026

UNKNOWN

PyPI

CVE-2025-64187

OctoPrint vulnerable to XSS in Action Commands Notification and Prompt

Nov 4, 2025

HIGH 8.8

PyPI

CVE-2025-58180

OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

Sep 9, 2025

MEDIUM 4.3

PyPI

CVE-2025-32788

OctoPrint Authenticated Reverse Proxy Page Authentication Bypass

Apr 22, 2025

MEDIUM 4.3

PyPI

CVE-2025-32788

Apr 22, 2025

MEDIUM 6.5

PyPI

CVE-2025-48879

OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint

Jun 10, 2025

MEDIUM 5.4

PyPI

CVE-2025-48067

OctoPrint vulnerable to possible file extraction via upload endpoints

Jun 10, 2025

MEDIUM 5.3

PyPI

CVE-2024-51493

OctoPrint has API key access in settings without reauthentication

Nov 5, 2024

MEDIUM 5.5

PyPI

CVE-2024-49377

OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates

Nov 5, 2024

MEDIUM 6.1

PyPI

CVE-2024-49377

Nov 5, 2024

MEDIUM 6.5

PyPI

CVE-2024-51493

Nov 5, 2024

MEDIUM 5.3

PyPI

CVE-2022-2930

Unverified Password Change in OctoPrint

Aug 23, 2022

MEDIUM 6.0

PyPI

CVE-2022-3607

OctoPrint vulnerable to Special Element Injection

Oct 19, 2022

HIGH 7.5

PyPI

CVE-2022-1430

Cross-site Scripting in OctoPrint

May 19, 2022

HIGH 8.8

PyPI

CVE-2022-3068

OctoPrint Improper Privilege Management vulnerability

Sep 22, 2022

MEDIUM 4.4

PyPI

CVE-2022-2888

OctoPrint vulnerable to Insufficient Session Expiration.

Sep 22, 2022

MEDIUM 6.5

PyPI

CVE-2021-32560

OctoPrint Incorrect Access Control

May 24, 2022

MEDIUM 6.1

PyPI

CVE-2021-32561

OctoPrint API Error Messages vulnerable to XSS

May 24, 2022

LOW 3.7

PyPI

CVE-2022-2872

OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type

Sep 22, 2022

HIGH 7.5

PyPI

CVE-2022-1432

Cross-site Scripting in OctoPrint

May 19, 2022

MEDIUM 6.5

PyPI

CVE-2023-41047

OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine

Oct 10, 2023

LOW 3.7

PyPI

CVE-2022-2822

OctoPrint does not have rate limiting on the login page

Aug 16, 2022

MEDIUM 4.2

PyPI

CVE-2024-23637

OctoPrint Unverified Password Change via Access Control Settings

Jan 31, 2024

MEDIUM 4.9

PyPI

CVE-2024-23637

Jan 31, 2024

MEDIUM 6.5

PyPI

CVE-2023-41047

Oct 9, 2023

UNKNOWN

PyPI

CVE-2022-1432

May 18, 2022

UNKNOWN

PyPI

CVE-2022-1430

May 18, 2022

octoprint

Vulnerabilities

CVE-2024-32977

XSS via the "Snapshot Test" feature in Classic Webcam plugin settings

OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled

CVE-2024-28237

CVE-2021-32561

CVE-2021-32560

CVE-2022-2930

CVE-2022-3068

CVE-2022-2888

CVE-2022-2872

CVE-2022-3607

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint vulnerable to XSS in Action Commands Notification and Prompt

OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

OctoPrint Authenticated Reverse Proxy Page Authentication Bypass

CVE-2025-32788

OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint

OctoPrint vulnerable to possible file extraction via upload endpoints

OctoPrint has API key access in settings without reauthentication

OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates

CVE-2024-49377

CVE-2024-51493

Unverified Password Change in OctoPrint

OctoPrint vulnerable to Special Element Injection

Cross-site Scripting in OctoPrint

OctoPrint Improper Privilege Management vulnerability

OctoPrint vulnerable to Insufficient Session Expiration.

OctoPrint Incorrect Access Control

OctoPrint API Error Messages vulnerable to XSS

OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type

Cross-site Scripting in OctoPrint

OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine

OctoPrint does not have rate limiting on the login page

OctoPrint Unverified Password Change via Access Control Settings

CVE-2024-23637

CVE-2023-41047

CVE-2022-1432

CVE-2022-1430

Start Securing