home-assistant — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting home-assistant. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Home Assistant serves as an open-source home automation platform integrating IoT devices and smart home systems. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, privilege escalation, and authentication bypass issues. The platform's 15 recorded CVEs highlight risks in its web interface, API endpoints, and third-party integrations. Notable security characteristics include its Python-based architecture and extensive community-developed components, which introduce potential supply chain risks. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities underscores the importance of regular updates and secure configuration for deployments handling sensitive home systems.

Top products by home-assistant: core, Home Assistant Operating System

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34205 | Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode | Home Assistant Operating System | CWE-923 | 9.7 | Critical | 2026-03-27 |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs | core | CWE-79 | 6.1 | - | 2026-03-27 |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | core | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2025-62172 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name | core | CWE-80 | 5.4 (AI) | Medium (AI) | 2025-10-14 |
| CVE-2025-25305 | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | core | CWE-940 | 7.0 | High | 2025-02-18 |
| CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN | core | CWE-200 | 4.3 | Medium | 2023-12-15 |
| CVE-2023-41893 | Account takeover via auth_callback login in Home Assistant Core | core | CWE-200 | 4.3 | Medium | 2023-10-19 |
| CVE-2023-41894 | Local-only webhooks externally accessible via SniTun in Home Assistant Core | core | CWE-669 | 5.3 | Medium | 2023-10-19 |
| CVE-2023-41895 | Cross-site Scripting via auth_callback login in Home Assistant Core | core | CWE-79 | 8.8 | High | 2023-10-19 |
| CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core | core | CWE-345 | 7.1 | High | 2023-10-19 |
| CVE-2023-41897 | Lack of XFO header allows clickjacking in Home Assistant Core | core | CWE-1021 | 8.8 | High | 2023-10-19 |
| CVE-2023-41899 | Partial Server-Side Request Forgery in Home Assistant Core | core | CWE-918 | 6.6 | Medium | 2023-10-19 |
| CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | core | CWE-345 | 8.6 | High | 2023-10-19 |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps | core | CWE-352 | 8.6 | High | 2023-10-19 |
| CVE-2023-27482 | Home Assistant authorization issue vulnerability | core | CWE-287 | 10.0 | Critical | 2023-03-08 |

This page lists every published CVE security advisory associated with home-assistant. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.