| CVE-2026-44797 | high | 8.5 | 8.5 | 21d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient… |
| CVE-2026-44798 | high | 7.1 | 7.1 | 21d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu… |
| CVE-2026-44796 | medium | 6.5 | 6.5 | 21d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a… |
| CVE-2025-49142 | medium | — | 5.5 | 1y ago | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configu… |
| CVE-2026-44794 | medium | 5.4 | 5.4 | 21d ago | Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen… |
| CVE-2026-34203 | unknown | — | — | 2mo ago | Nautobot: Management of users via REST API does not apply configured password validators |
| CVE-2025-49143 | unknown | — | — | 1y ago | Nautobot may allow uploaded media files to be accessible without authentication |
| CVE-2024-36112 | unknown | — | — | 2y ago | Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail U… |
| CVE-2024-34707 | unknown | — | — | 2y ago | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages |
| CVE-2024-32979 | unknown | — | — | 2y ago | Nautobot has reflected Cross-site Scripting potential in all object list views |
| CVE-2024-29199 | unknown | — | — | 2y ago | Unauthenticated views may expose information to anonymous users |
| CVE-2024-23345 | unknown | — | — | 2y ago | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site… |
| CVE-2023-51649 | unknown | — | — | 3y ago | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via… |
| CVE-2023-50263 | unknown | — | — | 3y ago | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior … |
| CVE-2023-48705 | unknown | — | — | 3y ago | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site sc… |
| CVE-2023-46128 | unknown | — | — | 3y ago | Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combinatio… |
| CVE-2023-25657 | unknown | — | — | 3y ago | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not proper… |