{"url":"http://public2.vulnerablecode.io/api/packages/27739?format=json","purl":"pkg:pypi/octoprint@1.8.0rc1","type":"pypi","namespace":"","name":"octoprint","version":"1.8.0rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.11.6","latest_non_vulnerable_version":"1.11.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36712?format=json","vulnerability_id":"VCID-1dst-zafa-c7bq","summary":"OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10032","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10017","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09951","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09918","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10002","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23637"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637","reference_id":"CVE-2024-23637","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23637"},{"reference_url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr","reference_id":"GHSA-5626-pw9c-hmjr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5626-pw9c-hmjr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39211?format=json","purl":"pkg:pypi/octoprint@1.10.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1"}],"aliases":["CVE-2024-23637","GHSA-5626-pw9c-hmjr","PYSEC-2024-29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dst-zafa-c7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36923?format=json","vulnerability_id":"VCID-4xvs-9du9-3qhp","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27607","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27614","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27693","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27744","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27655","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51493"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493","reference_id":"CVE-2024-51493","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51493"},{"reference_url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953","reference_id":"GHSA-cc6x-8cc7-9953","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cc6x-8cc7-9953"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43801?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-51493","GHSA-cc6x-8cc7-9953","PYSEC-2024-202"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xvs-9du9-3qhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36091?format=json","vulnerability_id":"VCID-5dkq-8wf1-53es","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63209","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63255","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6325","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63261","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63253","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1432"},{"reference_url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8pc-j334-jjhm"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml"},{"reference_url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27744?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-5zzb-wy4t-m7fq"},{"vulnerability":"VCID-6rm6-71kx-juf9"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e4bs-nyd6-wqaj"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-ecu2-nbaa-7qhs"},{"vulnerability":"VCID-k7n2-2y12-w3f7"},{"vulnerability":"VCID-rbam-kgdd-yyeu"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1432","GHSA-h8pc-j334-jjhm","PYSEC-2022-201"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dkq-8wf1-53es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36235?format=json","vulnerability_id":"VCID-5zzb-wy4t-m7fq","summary":"Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35303","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35247","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35227","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35293","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35185","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35267","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3068"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml"},{"reference_url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/"}],"url":"https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3068"},{"reference_url":"https://github.com/advisories/GHSA-2p75-q37p-f852","reference_id":"GHSA-2p75-q37p-f852","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2p75-q37p-f852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28786?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3068","GHSA-2p75-q37p-f852","PYSEC-2022-283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zzb-wy4t-m7fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36233?format=json","vulnerability_id":"VCID-6rm6-71kx-juf9","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45012","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44976","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44963","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45008","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.4494","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.44992","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2872"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml"},{"reference_url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/"}],"url":"https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2872"},{"reference_url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c","reference_id":"GHSA-49wm-4fp6-h59c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-49wm-4fp6-h59c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28786?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2872","GHSA-49wm-4fp6-h59c","PYSEC-2022-286"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rm6-71kx-juf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36092?format=json","vulnerability_id":"VCID-bmha-1fm6-27a7","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63722","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63723","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63674","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63715","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1430"},{"reference_url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7r7-wmj8-vv5g"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml"},{"reference_url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27744?format=json","purl":"pkg:pypi/octoprint@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-5zzb-wy4t-m7fq"},{"vulnerability":"VCID-6rm6-71kx-juf9"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e4bs-nyd6-wqaj"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-ecu2-nbaa-7qhs"},{"vulnerability":"VCID-k7n2-2y12-w3f7"},{"vulnerability":"VCID-rbam-kgdd-yyeu"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0"}],"aliases":["CVE-2022-1430","GHSA-x7r7-wmj8-vv5g","PYSEC-2022-200"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmha-1fm6-27a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36922?format=json","vulnerability_id":"VCID-cke8-8bew-zyaf","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog.  An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56662","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56689","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56683","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56677","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49377"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377","reference_id":"CVE-2024-49377","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49377"},{"reference_url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g","reference_id":"GHSA-xvxq-g8hw-fx4g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvxq-g8hw-fx4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43801?format=json","purl":"pkg:pypi/octoprint@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3"}],"aliases":["CVE-2024-49377","GHSA-xvxq-g8hw-fx4g","PYSEC-2024-201"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cke8-8bew-zyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57441?format=json","vulnerability_id":"VCID-dzbe-gru3-ukdn","summary":"OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint\nOctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken `multipart/form-data` request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run a denial of service attack on the OctoPrint server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48879","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14342","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14365","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14462","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14459","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14423","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48879"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48879","reference_id":"CVE-2025-48879","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48879"},{"reference_url":"https://github.com/advisories/GHSA-9wj4-8h85-pgrw","reference_id":"GHSA-9wj4-8h85-pgrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wj4-8h85-pgrw"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw","reference_id":"GHSA-9wj4-8h85-pgrw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85387?format=json","purl":"pkg:pypi/octoprint@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2"}],"aliases":["CVE-2025-48879","GHSA-9wj4-8h85-pgrw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzbe-gru3-ukdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36282?format=json","vulnerability_id":"VCID-e4bs-nyd6-wqaj","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44544","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44502","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44536","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44523","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3607"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml"},{"reference_url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/"}],"url":"https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3607"},{"reference_url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84","reference_id":"GHSA-rj5f-vm79-5j84","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj5f-vm79-5j84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28786?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-3607","GHSA-rj5f-vm79-5j84","PYSEC-2022-42975"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4bs-nyd6-wqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37049?format=json","vulnerability_id":"VCID-e9by-svvx-much","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04814","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06818","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06764","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06807","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06822","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32788"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788","reference_id":"CVE-2025-32788","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32788"},{"reference_url":"https://github.com/advisories/GHSA-qw93-h6pf-226x","reference_id":"GHSA-qw93-h6pf-226x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw93-h6pf-226x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45026?format=json","purl":"pkg:pypi/octoprint@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0"}],"aliases":["CVE-2025-32788","GHSA-qw93-h6pf-226x","PYSEC-2025-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9by-svvx-much"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36234?format=json","vulnerability_id":"VCID-ecu2-nbaa-7qhs","summary":"If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14952","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1493","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14904","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14986","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15028","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15038","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2888"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml"},{"reference_url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/"}],"url":"https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2888"},{"reference_url":"https://github.com/advisories/GHSA-937f-qh3w-6g87","reference_id":"GHSA-937f-qh3w-6g87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-937f-qh3w-6g87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28786?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2888","GHSA-937f-qh3w-6g87","PYSEC-2022-282"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecu2-nbaa-7qhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36164?format=json","vulnerability_id":"VCID-k7n2-2y12-w3f7","summary":"Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30793","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30788","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.3086","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30778","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30761","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30827","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2930"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml"},{"reference_url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2930"},{"reference_url":"https://github.com/advisories/GHSA-39gf-864w-pxw4","reference_id":"GHSA-39gf-864w-pxw4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39gf-864w-pxw4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28786?format=json","purl":"pkg:pypi/octoprint@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tc9k-358r-mkf3"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3"}],"aliases":["CVE-2022-2930","GHSA-39gf-864w-pxw4","PYSEC-2022-43142"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7n2-2y12-w3f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109892?format=json","vulnerability_id":"VCID-rbam-kgdd-yyeu","summary":"OctoPrint does not have rate limiting on the login page\nOctoPrint 1.7.3 and prior does not have rate limiting on the login page, making it possible for attackers to attempt brute force attacks. The severity of this issue is limited by OctoPrint normally running in a restricted LAN. The `devel` and `maintenance` branches of the repository have a fix that limits the rate of failed login attempts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2822","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51345","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51379","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51359","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51389","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51411","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51406","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2822"},{"reference_url":"https://github.com/octoprint/octoprint","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint"},{"reference_url":"https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de"},{"reference_url":"https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2822","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2822"},{"reference_url":"https://github.com/advisories/GHSA-5w5x-q9p5-9qg3","reference_id":"GHSA-5w5x-q9p5-9qg3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5w5x-q9p5-9qg3"}],"fixed_packages":[],"aliases":["CVE-2022-2822","GHSA-5w5x-q9p5-9qg3"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbam-kgdd-yyeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57438?format=json","vulnerability_id":"VCID-s4s7-jh3k-k7g7","summary":"OctoPrint vulnerable to possible file extraction via upload endpoints\nOctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from.\n\nThe primary risk lies in the potential exfiltration of secrets stored inside OctoPrint's config, or further system files. By removing important runtime files, this could also be used to impact the availability of the host. Given that the attacker requires a user account with file upload permissions, the actual impact of this should however hopefully be minimal in most cases.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48067","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27445","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27452","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27533","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27584","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27495","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48067"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48067","reference_id":"CVE-2025-48067","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48067"},{"reference_url":"https://github.com/advisories/GHSA-m9jh-jf9h-x3h2","reference_id":"GHSA-m9jh-jf9h-x3h2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9jh-jf9h-x3h2"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2","reference_id":"GHSA-m9jh-jf9h-x3h2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85387?format=json","purl":"pkg:pypi/octoprint@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2"}],"aliases":["CVE-2025-48067","GHSA-m9jh-jf9h-x3h2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4s7-jh3k-k7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58132?format=json","vulnerability_id":"VCID-tbb9-a1vr-g3ct","summary":"OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload\nOctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an **authenticated** attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered.\n\nIf no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58180","reference_id":"","reference_type":"","scores":[{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84813","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84816","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84801","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84812","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02219","scoring_system":"epss","scoring_elements":"0.84818","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58180"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt","reference_id":"CVE-2025-58180","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58180","reference_id":"CVE-2025-58180","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58180"},{"reference_url":"https://github.com/advisories/GHSA-49mj-x8jp-qvfc","reference_id":"GHSA-49mj-x8jp-qvfc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-49mj-x8jp-qvfc"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc","reference_id":"GHSA-49mj-x8jp-qvfc","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86509?format=json","purl":"pkg:pypi/octoprint@1.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.3"}],"aliases":["CVE-2025-58180","GHSA-49mj-x8jp-qvfc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbb9-a1vr-g3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36565?format=json","vulnerability_id":"VCID-tc9k-358r-mkf3","summary":"OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34339","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34281","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34261","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34323","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34303","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41047"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047","reference_id":"CVE-2023-41047","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41047"},{"reference_url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph","reference_id":"GHSA-fwfg-vprh-97ph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwfg-vprh-97ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36300?format=json","purl":"pkg:pypi/octoprint@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dst-zafa-c7bq"},{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3"}],"aliases":["CVE-2023-41047","GHSA-fwfg-vprh-97ph","PYSEC-2023-195"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9k-358r-mkf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48330?format=json","vulnerability_id":"VCID-tpea-28hk-wkas","summary":"OctoPrint vulnerable to XSS in Action Commands Notification and Prompt\nOctoPrint versions up to and including 1.11.3 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notification and prompt popups generated by the printer.\n\nAn attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64187","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05141","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05146","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05103","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05147","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.05161","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64187"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64187","reference_id":"CVE-2025-64187","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64187"},{"reference_url":"https://github.com/advisories/GHSA-crvm-xjhm-9h29","reference_id":"GHSA-crvm-xjhm-9h29","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crvm-xjhm-9h29"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29","reference_id":"GHSA-crvm-xjhm-9h29","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71330?format=json","purl":"pkg:pypi/octoprint@1.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.4"}],"aliases":["CVE-2025-64187","GHSA-crvm-xjhm-9h29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpea-28hk-wkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36754?format=json","vulnerability_id":"VCID-uxkr-gr1v-abgd","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the \"Test\" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6586","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65855","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65836","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65847","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65849","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28237"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237","reference_id":"CVE-2024-28237","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28237"},{"reference_url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c","reference_id":"GHSA-x7mf-wrh9-r76c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7mf-wrh9-r76c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40669?format=json","purl":"pkg:pypi/octoprint@1.10.0rc3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-uxkr-gr1v-abgd"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3"},{"url":"http://public2.vulnerablecode.io/api/packages/40671?format=json","purl":"pkg:pypi/octoprint@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-w6dg-hmtv-2bav"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0"}],"aliases":["CVE-2024-28237","GHSA-x7mf-wrh9-r76c","PYSEC-2024-179"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxkr-gr1v-abgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36790?format=json","vulnerability_id":"VCID-w6dg-hmtv-2bav","summary":"OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36343","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36281","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36269","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36304","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32977"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977","reference_id":"CVE-2024-32977","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32977"},{"reference_url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7","reference_id":"GHSA-2vjq-hg5w-5gm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vjq-hg5w-5gm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41031?format=json","purl":"pkg:pypi/octoprint@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4xvs-9du9-3qhp"},{"vulnerability":"VCID-cke8-8bew-zyaf"},{"vulnerability":"VCID-dzbe-gru3-ukdn"},{"vulnerability":"VCID-e9by-svvx-much"},{"vulnerability":"VCID-s4s7-jh3k-k7g7"},{"vulnerability":"VCID-tbb9-a1vr-g3ct"},{"vulnerability":"VCID-tpea-28hk-wkas"},{"vulnerability":"VCID-xjzu-4qfa-z7e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1"}],"aliases":["CVE-2024-32977","GHSA-2vjq-hg5w-5gm7","PYSEC-2024-237"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6dg-hmtv-2bav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49858?format=json","vulnerability_id":"VCID-xjzu-4qfa-z7e8","summary":"OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication\nOctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network.\n\nDue to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23892","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03032","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03066","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03086","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03138","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23892"},{"reference_url":"https://github.com/OctoPrint/OctoPrint","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OctoPrint/OctoPrint"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23892","reference_id":"CVE-2026-23892","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23892"},{"reference_url":"https://github.com/advisories/GHSA-xg4x-w2j3-57h6","reference_id":"GHSA-xg4x-w2j3-57h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xg4x-w2j3-57h6"},{"reference_url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6","reference_id":"GHSA-xg4x-w2j3-57h6","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/"}],"url":"https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73636?format=json","purl":"pkg:pypi/octoprint@1.11.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.6"}],"aliases":["CVE-2026-23892","GHSA-xg4x-w2j3-57h6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjzu-4qfa-z7e8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0rc1"}