MEDIUM 6.5 PyPI
PYSEC-2023-220 · CVE-2023-46128, GHSA-r2hw-74xv-4gqp Modified: 11/8/2023
package
PyPI / nautobot
pkg:pypi/nautobot
MEDIUM 5.4 PyPI
PYSEC-2023-285 · CVE-2023-48705, GHSA-cf9f-wmhp-v4pr Modified: 11/21/2024
MEDIUM 5.3 PyPI
PYSEC-2023-286 · CVE-2023-50263, GHSA-75mc-3pjc-727q Modified: 6/8/2026
MEDIUM 4.3 PyPI
PYSEC-2023-287 · CVE-2023-51649, GHSA-vf5m-xrhm-v999 Modified: 6/8/2026
— PyPI
PYSEC-2023-37 · CVE-2023-25657, GHSA-8mfq-f5wj-vw5m Modified: 11/8/2023
MEDIUM 5.4 PyPI
PYSEC-2024-16 · CVE-2024-23345, GHSA-v4xv-795h-rv4h Modified: 1/29/2024
— PyPI
PYSEC-2024-166 · CVE-2024-36112, GHSA-qmjf-wc2h-6x3q Modified: 2/4/2026
HIGH 7.1 PyPI
PYSEC-2025-79 · CVE-2025-49142, GHSA-wjw6-95h5-4jpx Modified: 5/21/2026
LOW 3.7 PyPI
GHSA-75mc-3pjc-727q · CVE-2023-50263, PYSEC-2023-286 Unauthenticated db-file-storage views
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-8mfq-f5wj-vw5m · CVE-2023-25657, PYSEC-2023-37 Nautobot vulnerable to remote code execution via Jinja2 template rendering
Modified: 9/25/2024
HIGH 8.5 PyPI
GHSA-c35q-vxrp-ph26 · CVE-2026-44797 Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
Modified: 5/13/2026
HIGH 7.1 PyPI
GHSA-cf9f-wmhp-v4pr · CVE-2023-48705, PYSEC-2023-285 Cross-site Scripting potential in custom links, job buttons, and computed fields
Modified: 11/22/2024
HIGH 7.5 PyPI
GHSA-jxgr-gcj5-cqqg · CVE-2024-32979 nautobot has reflected Cross-site Scripting potential in all object list views
Modified: 5/1/2024
LOW 3.7 PyPI
GHSA-m732-wvh2-7cq4 · CVE-2024-29199 Unauthenticated views may expose information to anonymous users
Modified: 3/26/2024
HIGH 7.1 PyPI
GHSA-p3hx-pwf3-j8wr · CVE-2026-44798 Nautobot: GitRepository.current_head field should not be writable through REST API
Modified: 5/13/2026
MEDIUM 6.3 PyPI
GHSA-qmjf-wc2h-6x3q · CVE-2024-36112, PYSEC-2024-166 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Modified: 2/4/2026
MEDIUM 6.5 PyPI
GHSA-qrpw-gjvh-x5gm · CVE-2026-44796 Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Modified: 5/13/2026
HIGH 7.5 PyPI
GHSA-r2hr-4v48-fjv3 · CVE-2024-34707 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Modified: 5/19/2024
HIGH 7.7 PyPI
GHSA-r2hw-74xv-4gqp · CVE-2023-46128, PYSEC-2023-220 Nautobot vulnerable to exposure of hashed user passwords via REST API
Modified: 10/7/2024
MEDIUM PyPI
GHSA-rh67-4c8j-hjjh · CVE-2025-49143 Nautobot may allows uploaded media files to be accessible without authentication
Modified: 6/10/2025
HIGH 7.1 PyPI
GHSA-v4xv-795h-rv4h · CVE-2024-23345, PYSEC-2024-16 XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Modified: 2/15/2025
LOW 3.5 PyPI
GHSA-vf5m-xrhm-v999 · CVE-2023-51649, PYSEC-2023-287 Nautobot missing object-level permissions enforcement when running Job Buttons
Modified: 11/22/2024
MEDIUM PyPI
GHSA-wjw6-95h5-4jpx · CVE-2025-49142, PYSEC-2025-74 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Modified: 5/19/2026
MEDIUM 5.4 PyPI
GHSA-wpxj-44w3-2j6x · CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
Modified: 5/13/2026
LOW 2.7 PyPI
GHSA-xmpv-j7p2-j873 · CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
Modified: 3/31/2026