Skip to main content

Nautobot

12 CVEs product

Monthly

CVE-2025-49143 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-49142 PyPI HIGH PATCH This Week

A remote code execution vulnerability in Nautobot (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Authentication Bypass Nautobot
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-36112 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-34707 PyPI MEDIUM POC PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nautobot
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-32979 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PostgreSQL Python Nautobot
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29199 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23345 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nautobot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51649 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python PostgreSQL Authentication Bypass Nautobot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-50263 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48705 PyPI MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Nautobot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46128 PyPI MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25657 PyPI CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Nautobot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.

Information Disclosure Nautobot
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A remote code execution vulnerability in Nautobot (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Python Authentication Bypass Nautobot
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nautobot
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nautobot
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PostgreSQL Python +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nautobot
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nautobot
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python PostgreSQL Authentication Bypass +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python PostgreSQL +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Nautobot
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy