nautobot
PyPI · 11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting nautobot
- CVE-2023-25657 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.5.7 · 2023-02-21
vulnerable: 1.0.0 ... 1.5.6 (67 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In…
- CVE-2023-46128 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 2.0.3 · 2023-10-25
vulnerable: 2.0.0, 2.0.1, 2.0.2
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter,…
- CVE-2023-48705 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 1.6.6 · 2023-11-22
vulnerable: 1.0.0 ... 2.0.4 (86 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect …
- CVE-2023-50263 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 1.6.7 · 2023-12-12
vulnerable: 1.1.0 ... 2.0.5 (78 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get…
- CVE-2023-51649 · LOW · CVSS 3.5 · EG 3.5 · ✓ Fixed in 1.6.8 · 2023-12-22
vulnerable: 1.5.14 ... 2.1.0b1 (27 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `ext…
- CVE-2024-23345 · HIGH · CVSS 7.1 · EG 7.1 · ✓ Fixed in 1.6.10 · 2024-01-23
vulnerable: 1.0.0 ... 2.1.1 (95 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequ…
- CVE-2024-29199 · LOW · CVSS 3.7 · EG 3.7 · ✓ Fixed in 2.1.9 · 2024-03-26
vulnerable: 2.0.0 ... 2.1.8 (17 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to a…
- CVE-2024-32979 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 2.2.3 · 2024-05-01
vulnerable: 2.0.0 ... 2.2.2 (22 versions)
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-pro…
- CVE-2024-34707 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 2.2.4 · 2024-05-14
vulnerable: 2.0.0 ... 2.2.3 (23 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoin…
- CVE-2024-36112 · MEDIUM · CVSS 6.3 · EG 6.3 · ✓ Fixed in 2.3.0b1 · 2024-05-28
vulnerable: 2.0.0 ... 2.2.9 (29 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`…
- CVE-2026-34203 · LOW · CVSS 2.7 · EG 2.7 · ✓ Fixed in 3.0.10 · 2026-03-31
vulnerable: 3.0.0 ... 3.0.9 (10 versions)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATOR…