12 matches found
Home Assistant Supervisor - Authentication Bypass
Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: homeassistant-cli is a command-line tool for Home Assistant. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the handling of user-supplied Jinja2 templates. An attacker can execute arbitrary code by convincing ...
eq3btsmart (=0.0.0), fauxmo (>=0.1.0 <=0.3.6) +8 more potentially affected by CVE-2025-65713 via homeassistant (>=0.10.1 <=2025.7.4)
homeassistant PYPI version =0.10.1, =0.1.0, =1.1.5, =0.0.0, =2021.4.0, =0.4.11, =1.2.0, =0.1.1, =0.108.0, =0.109.0 Source cves: CVE-2025-65713 Source advisory: OSV:GHSA-PP3G-XMM4-5CW9...
ha-synthetic-sensors (>=1.1.5 <=1.1.13), homeassistant-stubs (>=2025.1.0 <=2025.12.5) +4 more potentially affected by CVE-2025-65713 via homeassistant (>=2025.10.0 <=2025.8.0b3)
homeassistant PYPI version =2025.10.0, =1.1.5, =2025.1.0, =0.13.196, =0.108.0, =0.108.1 Source cves: CVE-2025-65713 Source advisory: SNYK:PYTHON-HOMEASSISTANT-14553184...
eq3btsmart (=0.0.0), homeassistant-stubs (>=2023.9.0b0 <=2024.12.5) +4 more potentially affected by CVE-2025-25305 via homeassistant (>=2023.9.0b0 <=2024.1.5)
homeassistant PYPI version =2023.9.0b0, =2023.9.0b0, =4.2.6, =0.13.55, =0.108.2, =0.109.0 Source cves: CVE-2025-25305 Source advisory: SNYK:PYTHON-HOMEASSISTANT-8732783...
Sensitive Information Disclosure
homeassistant is vulnerable to Sensitive Information Disclosure. The vulnerability arises due to the login page exposing user accounts to unauthenticated attackers on the LAN. An attacker is able to read application data as a result of exploitation of this vulnerability...
Authentication Bypass
homeassistant is vulnerable to Authentication Bypass. The vulnerability is caused by an attacker triggering webhooks that are marked as only accessible from the local network, even when the attacker is not connected to the local network. The attacker could exploit this vulnerability by sending a...
Broken Authentication
homeassistant is vulnerable due to Broken Authentication. An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link. The link would direct the user to a malicious website that would initiate the OAuth2 login process with a specially crafted redirect URI. If...
CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older...
CVE-2023-27482
CVE-2023-27482 affects Home Assistant Supervisor (not Home Assistant Container or Core in Python) via a remotely exploitable authentication bypass of the Supervisor API. Affected installations are those using Supervisor 2023.01.1 or older. Mitigation: Supervisor 2023.03.1 has been rolled out to a...
CVE-2023-27482
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older...
fauxmo (>=0.1.0 <=0.3.6) potentially affected by CVE-2018-21019 via homeassistant (>=0.10.1 <=0.31.1)
homeassistant PYPI version =0.10.1, =0.1.0, =0.3.6 Source cves: CVE-2018-21019 Source advisory: OSV:GHSA-MH78-8F49-VJG3...