21 matches found
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
EUVD-2026-32973
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44796 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44796 Source advisory: OSV:GHSA-QRPW-GJVH-X5GM...
EUVD-2023-0180
Malicious code in bioql PyPI...
EUVD-2025-17714
Malicious code in bioql PyPI...
EUVD-2024-0959
Malicious code in bioql PyPI...
CVE-2025-49142
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
Remote Code Execution (RCE)
Nautobot is vulnerable to Remote Code Execution. The vulnerability is due to insufficient sandboxing due to improper security configuration of the Jinja2 templating feature, allowing malicious users to access secrets or call Python APIs to modify data, bypassing object permissions...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...
Information Exposure
Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Information Exposure due to the improper enforcement of authentication mechanisms on the MEDIAROOT directory. An attacker can retrieve files by guessing or knowing the corre...
PYSEC-2025-74
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
CVE-2025-49142
CVE-2025-49142 affects Nautobot prior to 2.4.10 and prior to 1.6.32. The issue arises from misconfigurations in the Jinja2 templating used in computed fields, custom links, etc., allowing a malicious user to expose secret values or to invoke Python APIs to modify data when templated content is re...
CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
PT-2025-24686 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.10 Nautobot versions prior to 1.6.32 Description: The issue concerns Nautobot, a Network Source of Truth and Network Automation Platform. Files uploaded by users to Nautobot's MEDIA ROOT directory can be retriev...
Nautobot 安全漏洞
Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 2.4.10 and prior to 1.6.32, which stems from a misconfigured Jinja2 template that could lead to data leakage or tampering...
CVE-2024-29199
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...
CVE-2024-23345
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-34707 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-34707 Source advisory: OSV:GHSA-R2HR-4V48-FJV3...
CVE-2023-50263
CVE-2023-50263 (Nautobot) describes an information disclosure vulnerability where unauthenticated access to file storage URLs /files/get/?name=… and /files/download/?name=… is possible in Nautobot 1.x and 2.0.x before 1.6.7 and 2.0.6. The issue stems from the default Django-db-file-storage implem...