
nautobot — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting nautobot. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Nautobot serves as an IPAM and DCIM platform for network infrastructure management. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform's modular architecture introduces potential attack surfaces through plugins and APIs. While no major public security incidents have been widely documented, the 15 recorded CVEs highlight ongoing security considerations. Regular updates and hardening are recommended due to the platform's exposure to network-facing interfaces and its role in critical infrastructure management.

| CVE ID | Title | Package | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34203 | Nautobot: Management of users via REST API does not apply configured password validators | nautobot | CWE-521 | 2.7 | Low | 2026-03-31 |
| CVE-2025-62607 | Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL | nautobot-app-ssot | CWE-306 | 5.3 | Medium | 2025-10-22 |
| CVE-2025-49143 | Nautobot may allow uploaded media files to be accessible without authentication | nautobot | CWE-200 | 7.5 (AI) | High (AI) | 2025-06-10 |
| CVE-2025-49142 | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating | nautobot | CWE-1336 | 8.1 (AI) | High (AI) | 2025-06-10 |
| CVE-2024-36112 | Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects | nautobot | CWE-280 | 6.3 | Medium | 2024-05-28 |
| CVE-2024-34707 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages | nautobot | CWE-79 | 7.5 | High | 2024-05-13 |
| CVE-2024-32979 | Reflected Cross-site Scripting potential in all object list views in Nautobot | nautobot | CWE-79 | 7.5 | High | 2024-05-01 |
| CVE-2024-29199 | Unauthenticated views may expose information to anonymous users | nautobot | CWE-200 | 3.7 | Low | 2024-03-26 |
| CVE-2024-23345 | Nautobot has XSS potential in rendered Markdown fields | nautobot | CWE-79 | 7.1 | High | 2024-01-22 |
| CVE-2023-51649 | Nautobot missing object-level permissions enforcement when running Job Buttons | nautobot | CWE-863 | 3.5 | Low | 2023-12-22 |
| CVE-2023-50263 | Nautobot allows unauthenticated db-file-storage views | nautobot | CWE-200 | 3.7 | Low | 2023-12-12 |
| CVE-2023-48705 | nautobot has XSS potential in custom links, job buttons, and computed fields | nautobot | CWE-79 | 7.1 | High | 2023-11-22 |
| CVE-2023-48700 | Clear Text Credentials Exposed via Onboarding Task | nautobot-plugin-device-onboarding | CWE-256 | 5.7 | Medium | 2023-11-21 |
| CVE-2023-46128 | Exposure of hashed user passwords via REST API in Nautobot | nautobot | CWE-200 | 6.5 | Medium | 2023-10-24 |
| CVE-2023-25657 | Remote code execution in Jinja2 template rendering in Nautobot | nautobot | CWE-94 | 7.5 | High | 2023-02-21 |

Scores marked "(AI)" are AI-estimated rather than vendor-assigned values.

This page lists every published CVE security advisory associated with nautobot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.