Security: nautobot/nautobot
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Secrets exposure and data manipulation through Jinja2 templating
  GHSA-wjw6-95h5-4jpx, published Jun 10, 2025 by glennmatthews. Severity: Moderate
- Uploaded media files are accessible without authentication
  GHSA-rh67-4c8j-hjjh, published Jun 10, 2025 by glennmatthews. Severity: Moderate
- Nautobot dynamic-group-members UI and REST API doesn't enforce permission restrictions on member objects
  GHSA-qmjf-wc2h-6x3q, published May 28, 2024 by glennmatthews. Severity: Moderate
- BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
  GHSA-r2hr-4v48-fjv3, published May 13, 2024 by glennmatthews. Severity: High
- Reflected XSS potential in all object list views
  GHSA-jxgr-gcj5-cqqg, published Apr 30, 2024 by glennmatthews. Severity: High
- Unauthenticated views may expose information to anonymous users
  GHSA-m732-wvh2-7cq4, published Mar 25, 2024 by gsnider2195. Severity: Low
- XSS potential in rendered Markdown fields (comments, description, notes, etc.)
  GHSA-v4xv-795h-rv4h, published Jan 22, 2024 by glennmatthews. Severity: High
- Missing object-level permissions enforcement when running Job Buttons
  GHSA-vf5m-xrhm-v999, published Dec 22, 2023 by glennmatthews. Severity: Low
- Unauthenticated db-file-storage views
  GHSA-75mc-3pjc-727q, published Dec 12, 2023 by glennmatthews. Severity: Low
- XSS potential in custom links, job buttons, and computed fields
  GHSA-cf9f-wmhp-v4pr, published Nov 22, 2023 by gsnider2195. Severity: High