nautobot
PyPI17 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nautobotpage 1 of 1
- CVE-2023-25657HIGHCVSS 7.5EG 7.5✓ Fixed in 1.5.72023-02-21
vulnerable: 1.0.0 ... 1.5.6 (67 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In…
- CVE-2023-46128MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.0.32023-10-25
vulnerable: 2.0.0, 2.0.1, 2.0.2
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter,…
- CVE-2023-48705MEDIUMCVSS 5.4EG 7.1✓ Fixed in 1.6.62023-11-22
vulnerable: 1.0.0 ... 2.0.4 (86 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect …
- CVE-2023-50263MEDIUMCVSS 5.3EG 3.7✓ Fixed in 2.0.62023-12-12
vulnerable: 1.1.0 ... v1.0.0a1 (131 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get…
- CVE-2023-51649MEDIUMCVSS 4.3EG 3.5✓ Fixed in 2.1.02023-12-22
vulnerable: 1.5.14 ... 2.1.0b1 (27 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `ext…
- CVE-2024-23345HIGHCVSS 7.1EG 7.1✓ Fixed in 1.6.102024-01-23
vulnerable: 1.0.0 ... 2.1.1 (95 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequ…
- CVE-2024-29199LOWCVSS 3.7EG 3.7✓ Fixed in 2.1.92024-03-26
vulnerable: 2.0.0 ... 2.1.8 (17 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to a…
- CVE-2024-32979HIGHCVSS 7.5EG 7.5✓ Fixed in 2.2.32024-05-01
vulnerable: 2.0.0 ... 2.2.2 (22 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-pro…
- CVE-2024-34707HIGHCVSS 7.5EG 7.5✓ Fixed in 2.2.42024-05-14
vulnerable: 2.0.0 ... 2.2.3 (23 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoin…
- CVE-2024-36112MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2.3.0b12024-05-28
vulnerable: 2.0.0 ... 2.2.9 (29 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`…
- CVE-2025-49142HIGHCVSS 7.1EG 7.1✓ Fixed in 2.4.102025-06-10
vulnerable: 1.0.0 ... 2.4.9 (166 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature …
- CVE-2025-49143MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.4.102025-06-10
vulnerable: 2.0.0 ... 2.4.9 (59 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Locati…
- CVE-2026-34203LOWCVSS 2.7EG 2.7✓ Fixed in 3.0.102026-03-31
vulnerable: 3.0.0 ... 3.0.9 (10 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATOR…
- CVE-2026-44794MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.4.332026-05-28
vulnerable: 1.0.0 ... 2.4.9 (190 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one…
- CVE-2026-44796MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.4.332026-05-28
vulnerable: 1.0.0 ... 2.4.9 (190 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via ma…
- CVE-2026-44797HIGHCVSS 8.5EG 8.5✓ Fixed in 2.4.332026-05-28
vulnerable: 1.0.0 ... 2.4.9 (190 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various h…
- CVE-2026-44798HIGHCVSS 7.1EG 7.1✓ Fixed in 2.4.332026-05-28
vulnerable: 1.0.0 ... 2.4.9 (190 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which wa…
Check whether nautobot is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for nautobot CVEs against the assets you own.
Start Free Scan →