nautobot vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44798 | High | nautobot: Nautobot: GitRepository.current_head field should not be writable through REST API |
| CVE-2026-44797 | High | nautobot: Nautobot: Webhook definitions could be used for server-side request forgery (SSRF) |
| CVE-2026-44796 | Medium | nautobot: Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular… |
| CVE-2026-44794 | Medium | nautobot: Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should… |
| CVE-2026-34203 | Low | nautobot: Nautobot: Management of users via REST API does not apply configured password validators |
| CVE-2025-49143 | Medium | nautobot: Nautobot may allows uploaded media files to be accessible without authentication |
| CVE-2025-49142 | Medium | nautobot: Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating |
| CVE-2024-36112 | Medium | nautobot: Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects |
| CVE-2024-34707 | High | nautobot: Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages |
| CVE-2024-32979 | High | nautobot: nautobot has reflected Cross-site Scripting potential in all object list views |
| CVE-2024-29199 | Low | nautobot: Unauthenticated views may expose information to anonymous users |
| CVE-2024-23345 | High | nautobot: XSS potential in rendered Markdown fields (comments, description, notes, etc.) |
| CVE-2023-51649 | Low | nautobot: Nautobot missing object-level permissions enforcement when running Job Buttons |
| CVE-2023-50263 | Low | nautobot: Unauthenticated db-file-storage views |
| CVE-2023-48705 | High | nautobot: Cross-site Scripting potential in custom links, job buttons, and computed fields |
| CVE-2023-46128 | High | nautobot: Nautobot vulnerable to exposure of hashed user passwords via REST API |
| CVE-2023-25657 | High | nautobot: Nautobot vulnerable to remote code execution via Jinja2 template rendering |
