esphome

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting esphomepage 1 of 1

CVE-2021-41104HIGHCVSS 7.5EG 7.5✓ Fixed in 2021.9.2
2021-09-28
vulnerable: 1.10.1 ... 2021.9.1 (103 versions)
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking…
CVE-2024-27081HIGHCVSS 7.2EG 7.2✓ Fixed in 2024.2.1
2024-02-26
vulnerable: 2023.12.9, 2024.2.0, 2024.2.0b1, 2024.2.0b2, 2024.2.0b3
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to …
CVE-2024-27287MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2024.2.2
2024-03-06
vulnerable: 2023.12.9 ... 2024.2.1 (6 versions)
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command lin…
CVE-2024-29019HIGHCVSS 8.1EG 8.1✓ Fixed in 2024.3.0
2024-04-11
vulnerable: 2023.12.9 ... 2024.3.0b5 (12 versions)
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) all…

Check whether esphome is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for esphome CVEs against the assets you own.

Start Free Scan →