HIGH 8.8 PyPI
GHSA-2p75-q37p-f852 · CVE-2022-3068, PYSEC-2022-283 OctoPrint Improper Privilege Management vulnerability
Modified: 10/8/2024
package
PyPI / octoprint
pkg:pypi/octoprint
HIGH 7.1 PyPI
GHSA-2vjq-hg5w-5gm7 · CVE-2024-32977, PYSEC-2024-237 OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Modified: 6/10/2026
MEDIUM 5.3 PyPI
GHSA-39gf-864w-pxw4 · CVE-2022-2930, PYSEC-2022-43142 Unverified Password Change in OctoPrint
Modified: 11/22/2024
HIGH 8.8 PyPI
GHSA-49mj-x8jp-qvfc · CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
Modified: 9/18/2025
LOW 3.7 PyPI
GHSA-49wm-4fp6-h59c · CVE-2022-2872, PYSEC-2022-286 OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Modified: 10/7/2024
MEDIUM 4.2 PyPI
GHSA-5626-pw9c-hmjr · CVE-2024-23637, PYSEC-2024-29 OctoPrint Unverified Password Change via Access Control Settings
Modified: 2/16/2024
LOW 3.7 PyPI
GHSA-5w5x-q9p5-9qg3 · CVE-2022-2822 OctoPrint does not have rate limiting on the login page
Modified: 2/16/2024
MEDIUM 4.4 PyPI
GHSA-937f-qh3w-6g87 · CVE-2022-2888, PYSEC-2022-282 OctoPrint vulnerable to Insufficient Session Expiration.
Modified: 10/8/2024
MEDIUM 6.5 PyPI
GHSA-9wj4-8h85-pgrw · CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
Modified: 6/10/2025
MEDIUM 5.3 PyPI
GHSA-cc6x-8cc7-9953 · CVE-2024-51493, PYSEC-2024-202 OctoPrint has API key access in settings without reauthentication
Modified: 1/21/2025
MEDIUM PyPI
GHSA-crvm-xjhm-9h29 · CVE-2025-64187 OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
Modified: 11/7/2025
MEDIUM 6.5 PyPI
GHSA-fwfg-vprh-97ph · CVE-2023-41047, PYSEC-2023-195 OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Modified: 10/7/2024
HIGH 7.5 PyPI
GHSA-h8pc-j334-jjhm · CVE-2022-1432, PYSEC-2022-201 Cross-site Scripting in OctoPrint
Modified: 10/7/2024
MEDIUM 5.4 PyPI
GHSA-m9jh-jf9h-x3h2 · CVE-2025-48067 OctoPrint vulnerable to possible file extraction via upload endpoints
Modified: 6/10/2025
MEDIUM 4.3 PyPI
GHSA-qw93-h6pf-226x · CVE-2025-32788, PYSEC-2025-56 OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Modified: 6/30/2025
MEDIUM 6.0 PyPI
GHSA-rj5f-vm79-5j84 · CVE-2022-3607, PYSEC-2022-42975 OctoPrint vulnerable to Special Element Injection
Modified: 10/8/2024
MEDIUM 6.1 PyPI
GHSA-vcx4-fpmp-mvv6 · CVE-2021-32561, PYSEC-2021-30 OctoPrint API Error Messages vulnerable to XSS
Modified: 10/8/2024
MEDIUM 4.0 PyPI
GHSA-x7mf-wrh9-r76c · CVE-2024-28237, PYSEC-2024-179 XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Modified: 6/10/2026
HIGH 7.5 PyPI
GHSA-x7r7-wmj8-vv5g · CVE-2022-1430, PYSEC-2022-200 Cross-site Scripting in OctoPrint
Modified: 10/8/2024
MEDIUM 6.5 PyPI
GHSA-x9rq-fjp5-qgm9 · CVE-2021-32560, PYSEC-2021-29 OctoPrint Incorrect Access Control
Modified: 10/8/2024
MEDIUM 5.9 PyPI
GHSA-xg4x-w2j3-57h6 · CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Modified: 2/3/2026
MEDIUM 5.5 PyPI
GHSA-xvxq-g8hw-fx4g · CVE-2024-49377, PYSEC-2024-201 OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Modified: 1/21/2025
— PyPI
PYSEC-2021-29 · CVE-2021-32560, GHSA-x9rq-fjp5-qgm9 Modified: 6/10/2026
— PyPI
PYSEC-2021-30 · CVE-2021-32561, GHSA-vcx4-fpmp-mvv6 Modified: 6/10/2026
— PyPI
PYSEC-2022-200 · CVE-2022-1430, GHSA-x7r7-wmj8-vv5g Modified: 11/8/2023
— PyPI
PYSEC-2022-201 · CVE-2022-1432, GHSA-h8pc-j334-jjhm Modified: 11/8/2023
— PyPI
PYSEC-2022-282 · CVE-2022-2888, GHSA-937f-qh3w-6g87 Modified: 6/10/2026
— PyPI
PYSEC-2022-283 · CVE-2022-3068, GHSA-2p75-q37p-f852 Modified: 6/10/2026
— PyPI
PYSEC-2022-286 · CVE-2022-2872, GHSA-49wm-4fp6-h59c Modified: 6/10/2026
— PyPI
PYSEC-2022-42975 · CVE-2022-3607, GHSA-rj5f-vm79-5j84 Modified: 6/10/2026
HIGH 7.8 PyPI
PYSEC-2022-43142 · CVE-2022-2930, GHSA-39gf-864w-pxw4 Modified: 6/10/2026
MEDIUM 6.5 PyPI
PYSEC-2023-195 · CVE-2023-41047, GHSA-fwfg-vprh-97ph Modified: 11/8/2023
MEDIUM 4.8 PyPI
PYSEC-2024-179 · CVE-2024-28237, GHSA-x7mf-wrh9-r76c Modified: 6/10/2026
MEDIUM 6.1 PyPI
PYSEC-2024-201 · CVE-2024-49377, GHSA-xvxq-g8hw-fx4g Modified: 1/19/2025
MEDIUM 6.5 PyPI
PYSEC-2024-202 · CVE-2024-51493, GHSA-cc6x-8cc7-9953 Modified: 1/19/2025
CRITICAL 9.4 PyPI
PYSEC-2024-237 · CVE-2024-32977, GHSA-2vjq-hg5w-5gm7 Modified: 6/10/2026
MEDIUM 4.9 PyPI
PYSEC-2024-29 · CVE-2024-23637, GHSA-5626-pw9c-hmjr Modified: 2/8/2024
MEDIUM 4.3 PyPI
PYSEC-2025-56 · CVE-2025-32788, GHSA-qw93-h6pf-226x Modified: 6/27/2025