Browse all 32 CVE security advisories affecting pi-hole. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pi-hole operates as a network-wide ad and tracker blocking DNS sinkhole, primarily deployed in home and small business environments to filter malicious traffic at the network level. Historically, its security profile has been marred by critical flaws, including remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities within its web interface and API. These weaknesses often stemmed from insufficient input validation, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on the underlying Linux system. With thirty-one Common Vulnerabilities and Exposures (CVEs) currently on record, the software has faced significant scrutiny regarding its codebase maintenance and patching speed. While it provides essential privacy benefits by blocking unwanted network requests, its history of privilege escalation and RCE risks highlights the importance of keeping the installation updated and restricting web interface access to trusted networks only.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-23614 | Improper session handling of "Remember me for 7 days" functionality — AdminLTE, CWE-613 | 8.8 | High | 2023-01-26 |
| CVE-2022-23513 | Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint — AdminLTE, CWE-284 | 5.3 | Medium | 2022-12-22 |
| CVE-2022-31029 | Authenticated XSS in Pi-hole AdminLTE — AdminLTE, CWE-79 | 5.9 | Medium | 2022-07-07 |
| CVE-2021-41175 | Stored XSS in Client Groups Management (Authenticated) — AdminLTE, CWE-79 | 7.3 | High | 2021-10-26 |
| CVE-2021-32793 | Stored XSS Vulnerability in the Pi-hole Webinterface — AdminLTE, CWE-79 | 5.7 | Medium | 2021-08-04 |
| CVE-2021-32706 | (Authenticated) Remote Code Execution Possible in Web Interface 5.5 — AdminLTE, CWE-94 | 7.6 | High | 2021-08-04 |
| CVE-2021-29448 | Stored DOM XSS in Pi-hole Admin Web Interface — AdminLTE, CWE-79 | 7.6 | High | 2021-04-15 |
This page lists every published CVE security advisory associated with pi-hole. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.