nautobot Security Advisories - Pypi | Ecosyste.ms: Advisories

nautobot

pypi · Source of truth and network automation platform. · Repository · Package

Security Advisories for nautobot in pypi

Moderate

4 months ago

Nautobot may allows uploaded media files to be accessible without authentication GSA_kwCzR0hTQS1yaDY3LTRjOGotaGpqaM4ABI55

pypi nautobot

Moderate

4 months ago

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating GSA_kwCzR0hTQS13anc2LTk1aDUtNGpweM4ABI53

pypi nautobot

Moderate

over 1 year ago

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects GSA_kwCzR0hTQS1xbWpmLXdjMmgtNngzcc4AA8jR

pypi nautobot

High

over 1 year ago

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages GSA_kwCzR0hTQS1yMmhyLTR2NDgtZmp2M84AA74u

pypi nautobot

High

over 1 year ago

nautobot has reflected Cross-site Scripting potential in all object list views GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp

pypi nautobot

Low

over 1 year ago

Unauthenticated views may expose information to anonymous users GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7

pypi nautobot

High

over 1 year ago

XSS potential in rendered Markdown fields (comments, description, notes, etc.) GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT

pypi nautobot

Low

almost 2 years ago

Nautobot missing object-level permissions enforcement when running Job Buttons GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF

pypi nautobot

Low

almost 2 years ago

Unauthenticated db-file-storage views GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo

pypi nautobot

High

almost 2 years ago

Cross-site Scripting potential in custom links, job buttons, and computed fields GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3

pypi nautobot

High

almost 2 years ago

Nautobot vulnerable to exposure of hashed user passwords via REST API GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV

pypi nautobot

High

over 2 years ago

Nautobot vulnerable to remote code execution via Jinja2 template rendering GSA_kwCzR0hTQS04bWZxLWY1d2otdnc1bc4AAxw5

pypi nautobot

Filter by Severity

High 6 Moderate 3 Low 3

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

nautobot

Nautobot may allows uploaded media files to be accessible without authentication GSA_kwCzR0hTQS1yaDY3LTRjOGotaGpqaM4ABI55

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating GSA_kwCzR0hTQS13anc2LTk1aDUtNGpweM4ABI53

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects GSA_kwCzR0hTQS1xbWpmLXdjMmgtNngzcc4AA8jR

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages GSA_kwCzR0hTQS1yMmhyLTR2NDgtZmp2M84AA74u

nautobot has reflected Cross-site Scripting potential in all object list views GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp

Unauthenticated views may expose information to anonymous users GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7

XSS potential in rendered Markdown fields (comments, description, notes, etc.) GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT

Nautobot missing object-level permissions enforcement when running Job Buttons GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF

Unauthenticated db-file-storage views GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo

Cross-site Scripting potential in custom links, job buttons, and computed fields GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3

Nautobot vulnerable to exposure of hashed user passwords via REST API GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV

Nautobot vulnerable to remote code execution via Jinja2 template rendering GSA_kwCzR0hTQS04bWZxLWY1d2otdnc1bc4AAxw5

Filter by Severity