
nautobot — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting nautobot. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34203 | Nautobot: Management of users via REST API does not apply configured password validators | nautobot | CWE-521 | 2.7 | Low | 2026-03-31 |
| CVE-2025-62607 | Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL | nautobot-app-ssot | CWE-306 | 5.3 | Medium | 2025-10-22 |
| CVE-2025-49143 | Nautobot may allows uploaded media files to be accessible without authentication | nautobot | CWE-200 | 7.5 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-49142 | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating | nautobot | CWE-1336 | 8.1 (AI) | High (AI) | 2025-06-10 |
| CVE-2024-36112 | Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects | nautobot | CWE-280 | 6.3 | Medium | 2024-05-28 |
| CVE-2024-34707 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages | nautobot | CWE-79 | 7.5 | High | 2024-05-13 |
| CVE-2024-32979 | Reflected Cross-site Scripting potential in all object list views in Nautobot | nautobot | CWE-79 | 7.5 | High | 2024-05-01 |
| CVE-2024-29199 | Unauthenticated views may expose information to anonymous users | nautobot | CWE-200 | 3.7 | Low | 2024-03-26 |
| CVE-2024-23345 | Nautobot has XSS potential in rendered Markdown fields | nautobot | CWE-79 | 7.1 | High | 2024-01-22 |
| CVE-2023-51649 | Nautobot missing object-level permissions enforcement when running Job Buttons | nautobot | CWE-863 | 3.5 | Low | 2023-12-22 |
| CVE-2023-50263 | Nautobot allows unauthenticated db-file-storage views | nautobot | CWE-200 | 3.7 | Low | 2023-12-12 |
| CVE-2023-48705 | nautobot has XSS potential in custom links, job buttons, and computed fields | nautobot | CWE-79 | 7.1 | High | 2023-11-22 |
| CVE-2023-48700 | Clear Text Credentials Exposed via Onboarding Task | nautobot-plugin-device-onboarding | CWE-256 | 5.7 | Medium | 2023-11-21 |
| CVE-2023-46128 | Exposure of hashed user passwords via REST API in Nautobot | nautobot | CWE-200 | 6.5 | Medium | 2023-10-24 |
| CVE-2023-25657 | Remote code execution in Jinja2 template rendering in Nautobot | nautobot | CWE-94 | 7.5 | High | 2023-02-21 |

This page lists every published CVE security advisory associated with nautobot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.