openc3 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-2WVH-87G2-89HRCriticalopenc3: OpenC3 COSMOS: Permissions Bypass Provides User Access to Unassigned Administrative Actions via…CVE-2026-42087Criticalopenc3: OpenC3 COSMOS has SQL Injection in QuestDB Time-Series DatabaseCVE-2026-42086Mediumopenc3: OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command SenderCVE-2026-42085Mediumopenc3: OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenamesCVE-2026-42084Highopenc3: OpenC3 COSMOS: Hijacked session token can be used to reset password for persistenceCVE-2025-68271Criticalopenc3: openc3-api Vulnerable to Unauthenticated Remote Code ExecutionCVE-2024-47529Mediumopenc3: OpenC3 stores passwords in clear text (`GHSL-2024-129`)CVE-2024-46977Highopenc3: OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)CVE-2024-43795Mediumopenc3: OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Stop the waste.
Protect your environment with Kodem.