OctoPrint vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-54134 | High | OctoPrint: OctoPrint has possible file exfiltration via query parameters on upload endpoints |
| CVE-2026-35163 | Medium | OctoPrint: OctoPrint has XSS in its Suppressed Command Notifications |
| CVE-2026-23892 | Medium | OctoPrint: OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication |
| CVE-2025-64187 | Medium | octoprint: OctoPrint vulnerable to XSS in Action Commands Notification and Prompt |
| CVE-2025-58180 | High | octoprint: OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload |
| CVE-2025-48879 | Medium | OctoPrint: OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint |
| CVE-2025-48067 | Medium | OctoPrint: OctoPrint vulnerable to possible file extraction via upload endpoints |
| CVE-2025-32788 | Medium | octoprint: OctoPrint Authenticated Reverse Proxy Page Authentication Bypass |
| CVE-2024-51493 | Medium | OctoPrint: OctoPrint has API key access in settings without reauthentication |
| CVE-2024-49377 | Medium | OctoPrint: OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates |
| CVE-2024-32977 | High | OctoPrint: OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled |
| CVE-2024-28237 | Medium | OctoPrint: XSS via the "Snapshot Test" feature in Classic Webcam plugin settings |
| CVE-2024-23637 | Medium | OctoPrint: OctoPrint Unverified Password Change via Access Control Settings |
| CVE-2023-41047 | High | OctoPrint: OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine |
| CVE-2022-3607 | Medium | OctoPrint: OctoPrint vulnerable to Special Element Injection |
| CVE-2022-2872 | Low | OctoPrint: OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2022-2888 | Medium | OctoPrint: OctoPrint vulnerable to Insufficient Session Expiration. |
| CVE-2022-3068 | High | OctoPrint: OctoPrint Improper Privilege Management vulnerability |
| CVE-2022-2930 | Medium | OctoPrint: Unverified Password Change in OctoPrint |
| CVE-2022-2822 | Low | OctoPrint: OctoPrint does not have rate limiting on the login page |
| CVE-2021-32561 | Medium | OctoPrint: OctoPrint API Error Messages vulnerable to XSS |
| CVE-2021-32560 | High | octoprint: OctoPrint Incorrect Access Control |
| CVE-2022-1430 | High | OctoPrint: Cross-site Scripting in OctoPrint |
| CVE-2022-1432 | High | OctoPrint: Cross-site Scripting in OctoPrint |
