Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55359?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55359?format=api", "purl": "pkg:pypi/homeassistant@0.29.4", "type": "pypi", "namespace": "", "name": "homeassistant", "version": "0.29.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2026.1", "latest_non_vulnerable_version": "2026.1.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147195?format=api", "vulnerability_id": "VCID-9uny-reqy-5kfr", "summary": "Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim’s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim’s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49916", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-41893" }, { "reference_url": "https://github.com/home-assistant/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/homeassistant/PYSEC-2023-214.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/homeassistant/PYSEC-2023-214.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41893", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41893" }, { "reference_url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant" }, { "reference_url": "https://github.com/advisories/GHSA-qhhj-7hrc-gqj5", "reference_id": "GHSA-qhhj-7hrc-gqj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qhhj-7hrc-gqj5" }, { "reference_url": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5", "reference_id": "GHSA-qhhj-7hrc-gqj5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T15:02:34Z/" } ], "url": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5" }, { "reference_url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/", "reference_id": "security-audits-of-home-assistant", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T15:02:34Z/" } ], "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80512?format=api", "purl": "pkg:pypi/homeassistant@2023.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9zh-crgx-8fca" }, { "vulnerability": "VCID-e5zm-vstg-p7c8" }, { "vulnerability": "VCID-ers5-ue8w-kfg7" }, { "vulnerability": "VCID-vfdf-9zyy-wubq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@2023.9.0" } ], "aliases": [ "CVE-2023-41893", "GHSA-qhhj-7hrc-gqj5", "PYSEC-2023-214" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uny-reqy-5kfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91149?format=api", "vulnerability_id": "VCID-a9zh-crgx-8fca", "summary": "Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01235", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65713" }, { "reference_url": "https://github.com/home-assistant/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core" }, { "reference_url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/components/downloader/services.py#L32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/components/downloader/services.py#L32" }, { "reference_url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L20", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L20" }, { "reference_url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L32-L38", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L32-L38" }, { "reference_url": "https://github.com/home-assistant/core/pull/150046", "reference_id": "150046", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T18:51:15Z/" } ], "url": "https://github.com/home-assistant/core/pull/150046" }, { "reference_url": "https://gist.github.com/GenoWang/7359360285e0fe21a7a58d10ff71d032", "reference_id": "7359360285e0fe21a7a58d10ff71d032", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-23T18:51:15Z/" } ], "url": "https://gist.github.com/GenoWang/7359360285e0fe21a7a58d10ff71d032" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65713", "reference_id": "CVE-2025-65713", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65713" }, { "reference_url": "https://github.com/advisories/GHSA-pp3g-xmm4-5cw9", "reference_id": "GHSA-pp3g-xmm4-5cw9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp3g-xmm4-5cw9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36352?format=api", "purl": "pkg:pypi/homeassistant@2025.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kgj-6m8g-7yft" }, { "vulnerability": "VCID-e5zm-vstg-p7c8" }, { "vulnerability": "VCID-gun6-1nq5-1qdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@2025.8.0" } ], "aliases": [ "CVE-2025-65713", "GHSA-pp3g-xmm4-5cw9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9zh-crgx-8fca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358836?format=api", "vulnerability_id": "VCID-ers5-ue8w-kfg7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08571", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25305" }, { "reference_url": "https://github.com/home-assistant/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core" }, { "reference_url": "https://github.com/home-assistant/core/commit/8c6547f1b64f4a3d9f10090b97383353c9367892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/commit/8c6547f1b64f4a3d9f10090b97383353c9367892" }, { "reference_url": "https://github.com/home-assistant/core/security/advisories/GHSA-m3pm-rpgg-5wj6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/security/advisories/GHSA-m3pm-rpgg-5wj6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25305", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25305" }, { "reference_url": "https://github.com/advisories/GHSA-m3pm-rpgg-5wj6", "reference_id": "GHSA-m3pm-rpgg-5wj6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m3pm-rpgg-5wj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377312?format=api", "purl": "pkg:pypi/homeassistant@2024.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9zh-crgx-8fca" }, { "vulnerability": "VCID-e5zm-vstg-p7c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@2024.1.6" } ], "aliases": [ "CVE-2025-25305", "GHSA-m3pm-rpgg-5wj6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ers5-ue8w-kfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217811?format=api", "vulnerability_id": "VCID-k1gv-ayhe-43hd", "summary": "Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78654", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21019" }, { "reference_url": "https://github.com/advisories/GHSA-mh78-8f49-vjg3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mh78-8f49-vjg3" }, { "reference_url": "https://github.com/home-assistant/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core" }, { "reference_url": "https://github.com/home-assistant/core/commit/598f093bf0fecdefaa3d95d1ddae71317a05321e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/commit/598f093bf0fecdefaa3d95d1ddae71317a05321e" }, { "reference_url": "https://github.com/home-assistant/core/pull/13836", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/pull/13836" }, { "reference_url": "https://github.com/home-assistant/core/releases/tag/0.67.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/releases/tag/0.67.0" }, { "reference_url": "https://github.com/home-assistant/home-assistant/pull/13836", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/home-assistant/pull/13836" }, { "reference_url": "https://github.com/home-assistant/home-assistant/releases/tag/0.67.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/home-assistant/releases/tag/0.67.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/homeassistant/PYSEC-2019-221.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/homeassistant/PYSEC-2019-221.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-21019" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55482?format=api", "purl": "pkg:pypi/homeassistant@0.67.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9uny-reqy-5kfr" }, { "vulnerability": "VCID-a9zh-crgx-8fca" }, { "vulnerability": "VCID-ers5-ue8w-kfg7" }, { "vulnerability": "VCID-vfdf-9zyy-wubq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@0.67.0" } ], "aliases": [ "CVE-2018-21019", "GHSA-mh78-8f49-vjg3", "PYSEC-2019-221" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1gv-ayhe-43hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357946?format=api", "vulnerability_id": "VCID-vfdf-9zyy-wubq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43946", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50715" }, { "reference_url": "https://github.com/home-assistant/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core" }, { "reference_url": "https://github.com/home-assistant/core/commit/dbfc5ea8f96bde6cd165892f5a6a6f9a65731c76", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/commit/dbfc5ea8f96bde6cd165892f5a6a6f9a65731c76" }, { "reference_url": "https://github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50715", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50715" }, { "reference_url": "https://github.com/advisories/GHSA-jqpc-rc7g-vf83", "reference_id": "GHSA-jqpc-rc7g-vf83", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jqpc-rc7g-vf83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380318?format=api", "purl": "pkg:pypi/homeassistant@2023.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9zh-crgx-8fca" }, { "vulnerability": "VCID-e5zm-vstg-p7c8" }, { "vulnerability": "VCID-ers5-ue8w-kfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@2023.12.3" } ], "aliases": [ "CVE-2023-50715", "GHSA-jqpc-rc7g-vf83" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfdf-9zyy-wubq" } ], "fixing_vulnerabilities": [], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/homeassistant@0.29.4" }