homeassistant
PyPI7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting homeassistantpage 1 of 1
- CVE-2018-21019HIGHCVSS 7.5EG 7.5✓ Fixed in 0.67.02019-09-23
vulnerable: 0.10.0 ... 0.9.1 (188 versions)
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
- CVE-2023-41893MEDIUMCVSS 5.4EG 4.3✓ Fixed in 2023.9.02023-10-20
vulnerable: 0.10.0 ... 2023.9.0b6 (1132 versions)
Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authe…
- CVE-2023-50715MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2023.12.32023-12-15
vulnerable: 0.10.0 ... 2023.9.3 (1170 versions)
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains…
- CVE-2025-25305HIGHCVSS 7.0EG 7.0✓ Fixed in 2024.1.62025-02-18
vulnerable: 0.10.0 ... 2024.1.5 (1187 versions)
Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and…
- CVE-2025-62172HIGHCVSS 8.5EG 8.5✓ Fixed in 2025.10.22025-10-14
vulnerable: 2025.1.0 ... 2025.9.4 (134 versions)
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject m…
- CVE-2025-65713MEDIUMCVSS 4.0EG 4.0✓ Fixed in 2025.8.02025-12-23
vulnerable: 0.10.0 ... 2025.8.0b5 (1468 versions)
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.
- CVE-2026-54317HIGHCVSS 7.6EG 7.6✓ Fixed in 2026.6.02026-06-19
vulnerable: 0.10.0 ... 2026.6.0b4 (1583 versions)
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView (homeassistant/components/konnected/__init__.py), that…
Check whether homeassistant is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for homeassistant CVEs against the assets you own.
Start Free Scan →