Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

home-assistant — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting home-assistant. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by home-assistant:coreHome Assistant Operating System
CVE IDTitleCVSSSeverityPublished
CVE-2026-34205 Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode — Home Assistant Operating SystemCWE-923 9.7 Critical2026-03-27
CVE-2026-33045 Home Assistant has stored XSS in history-graphs — coreCWE-79 6.1 -2026-03-27
CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name — coreCWE-79 5.4 -2026-03-27
CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name — coreCWE-80 5.4AIMediumAI2025-10-14
CVE-2025-25305 SSL validation for outgoing requests in Home Assistant Core and used libs not correct — coreCWE-940 7.0 High2025-02-18
CVE-2023-50715 User accounts disclosed to unauthenticated actors on the LAN — coreCWE-200 4.3 Medium2023-12-15
CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core — coreCWE-200 4.3 Medium2023-10-19
CVE-2023-41894 Local-only webhooks externally accessible via SniTun in Home Assistant Core — coreCWE-669 5.3 Medium2023-10-19
CVE-2023-41895 Cross-site Scripting via auth_callback login in Home Assistant Core — coreCWE-79 8.8 High2023-10-19
CVE-2023-41896 Fake websocket server installation permits full takeover in Home Assistant Core — coreCWE-345 7.1 High2023-10-19
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core — coreCWE-1021 8.8 High2023-10-19
CVE-2023-41899 Partial Server-Side Request Forgery in Home Assistant Core — coreCWE-918 6.6 Medium2023-10-19
CVE-2023-41898 Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android — coreCWE-345 8.6 High2023-10-19
CVE-2023-44385 Client-Side Request Forgery in Home Assistant iOS/macOS native Apps — coreCWE-352 8.6 High2023-10-19
CVE-2023-27482 Home Assistant 授权问题漏洞 — coreCWE-287 10.0 Critical2023-03-08

This page lists every published CVE security advisory associated with home-assistant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.