Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/octoprint@1.4.0rc4
Type pypi
Namespace
Name octoprint
Version 1.4.0rc4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.6
Latest_non_vulnerable_version 1.11.6
Affected_by_vulnerabilities
0
url VCID-2cub-qe27-8ydg
vulnerability_id VCID-2cub-qe27-8ydg
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or make the instance inaccessible from potentially hostile networks like the internet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32977
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36333
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32977
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-237.yaml
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4
reference_id 5afbec8d23508edc25b0f1bdef1620580136add4
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/
url https://github.com/OctoPrint/OctoPrint/commit/5afbec8d23508edc25b0f1bdef1620580136add4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32977
reference_id CVE-2024-32977
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32977
5
reference_url https://github.com/advisories/GHSA-2vjq-hg5w-5gm7
reference_id GHSA-2vjq-hg5w-5gm7
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vjq-hg5w-5gm7
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7
reference_id GHSA-2vjq-hg5w-5gm7
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-15T13:21:43Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-2vjq-hg5w-5gm7
fixed_packages
0
url pkg:pypi/octoprint@1.10.1
purl pkg:pypi/octoprint@1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-g8tn-vs5n-47a7
2
vulnerability VCID-r446-why1-fubb
3
vulnerability VCID-tb48-kg2g-rkds
4
vulnerability VCID-u3bq-5gbm-dyhz
5
vulnerability VCID-ukky-hd4w-dffm
6
vulnerability VCID-vpq4-7mh6-duhr
7
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.1
aliases CVE-2024-32977, GHSA-2vjq-hg5w-5gm7, PYSEC-2024-237
risk_score 4.2
exploitability 0.5
weighted_severity 8.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cub-qe27-8ydg
1
url VCID-49na-ptq4-q7ba
vulnerability_id VCID-49na-ptq4-q7ba
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character-based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network-based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character. The vulnerability is patched in version 1.11.6. The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always, administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public Internet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23892
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03057
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23892
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
reference_id 1.11.6
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.6
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c
reference_id 249fd80ab01bc4b7dabedff768230a0fb5d01a8c
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/commit/249fd80ab01bc4b7dabedff768230a0fb5d01a8c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23892
reference_id CVE-2026-23892
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23892
5
reference_url https://github.com/advisories/GHSA-xg4x-w2j3-57h6
reference_id GHSA-xg4x-w2j3-57h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg4x-w2j3-57h6
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6
reference_id GHSA-xg4x-w2j3-57h6
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T19:13:25Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xg4x-w2j3-57h6
fixed_packages
0
url pkg:pypi/octoprint@1.11.6
purl pkg:pypi/octoprint@1.11.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.6
aliases CVE-2026-23892, GHSA-xg4x-w2j3-57h6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49na-ptq4-q7ba
2
url VCID-5ytr-t8pp-e3h2
vulnerability_id VCID-5ytr-t8pp-e3h2
summary OctoPrint API Error Messages vulnerable to XSS
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32561
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54312
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32561
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-30.yaml
4
reference_url https://octoprint.org/blog/2021/04/27/new-release-1.6.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://octoprint.org/blog/2021/04/27/new-release-1.6.0
5
reference_url https://octoprint.org/blog/2021/04/27/new-release-1.6.0/
reference_id
reference_type
scores
url https://octoprint.org/blog/2021/04/27/new-release-1.6.0/
6
reference_url https://www.brzozowski.io
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.brzozowski.io
7
reference_url https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32561
reference_id CVE-2021-32561
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32561
9
reference_url https://github.com/advisories/GHSA-vcx4-fpmp-mvv6
reference_id GHSA-vcx4-fpmp-mvv6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcx4-fpmp-mvv6
fixed_packages
0
url pkg:pypi/octoprint@1.6.0
purl pkg:pypi/octoprint@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-99k3-bt7y-m7az
4
vulnerability VCID-cvmz-xqx7-t3df
5
vulnerability VCID-eumt-k6wn-3kcq
6
vulnerability VCID-fwx5-necc-t7ch
7
vulnerability VCID-g8tn-vs5n-47a7
8
vulnerability VCID-m9k6-9ft6-9kdf
9
vulnerability VCID-nsb4-79pr-67eu
10
vulnerability VCID-pnme-vesu-8khw
11
vulnerability VCID-r446-why1-fubb
12
vulnerability VCID-tb48-kg2g-rkds
13
vulnerability VCID-u3bq-5gbm-dyhz
14
vulnerability VCID-ukky-hd4w-dffm
15
vulnerability VCID-vpq4-7mh6-duhr
16
vulnerability VCID-wkhk-mjja-fuhm
17
vulnerability VCID-xnex-jd9w-ruaz
18
vulnerability VCID-za3r-74rm-bkfe
19
vulnerability VCID-ze38-9vap-5yc1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0
aliases CVE-2021-32561, GHSA-vcx4-fpmp-mvv6, PYSEC-2021-30
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ytr-t8pp-e3h2
3
url VCID-6r5c-xsnz-kkhb
vulnerability_id VCID-6r5c-xsnz-kkhb
summary OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41047
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34317
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41047
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2023-195.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41047
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41047
4
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3
reference_id 1.9.3
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3
5
reference_url https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db
reference_id d0072cff894509c77e243d6562245ad3079e17db
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db
6
reference_url https://github.com/advisories/GHSA-fwfg-vprh-97ph
reference_id GHSA-fwfg-vprh-97ph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwfg-vprh-97ph
7
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph
reference_id GHSA-fwfg-vprh-97ph
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T16:43:52Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph
fixed_packages
0
url pkg:pypi/octoprint@1.9.3
purl pkg:pypi/octoprint@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-cvmz-xqx7-t3df
3
vulnerability VCID-g8tn-vs5n-47a7
4
vulnerability VCID-r446-why1-fubb
5
vulnerability VCID-tb48-kg2g-rkds
6
vulnerability VCID-u3bq-5gbm-dyhz
7
vulnerability VCID-ukky-hd4w-dffm
8
vulnerability VCID-vpq4-7mh6-duhr
9
vulnerability VCID-wkhk-mjja-fuhm
10
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.9.3
aliases CVE-2023-41047, GHSA-fwfg-vprh-97ph, PYSEC-2023-195
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6r5c-xsnz-kkhb
4
url VCID-99k3-bt7y-m7az
vulnerability_id VCID-99k3-bt7y-m7az
summary Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3068
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35293
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3068
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-283.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3068
reference_id CVE-2022-3068
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3068
4
reference_url https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571
reference_id ef95ef1c101b79394f134e8fce000e6bae046571
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/
url https://github.com/octoprint/octoprint/commit/ef95ef1c101b79394f134e8fce000e6bae046571
5
reference_url https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884
reference_id f45c24cb-9104-4c6e-a9e1-5c7e75e83884
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:21:49Z/
url https://huntr.dev/bounties/f45c24cb-9104-4c6e-a9e1-5c7e75e83884
6
reference_url https://github.com/advisories/GHSA-2p75-q37p-f852
reference_id GHSA-2p75-q37p-f852
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2p75-q37p-f852
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-cvmz-xqx7-t3df
4
vulnerability VCID-g8tn-vs5n-47a7
5
vulnerability VCID-r446-why1-fubb
6
vulnerability VCID-tb48-kg2g-rkds
7
vulnerability VCID-u3bq-5gbm-dyhz
8
vulnerability VCID-ukky-hd4w-dffm
9
vulnerability VCID-vpq4-7mh6-duhr
10
vulnerability VCID-wkhk-mjja-fuhm
11
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-3068, GHSA-2p75-q37p-f852, PYSEC-2022-283
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99k3-bt7y-m7az
5
url VCID-cvmz-xqx7-t3df
vulnerability_id VCID-cvmz-xqx7-t3df
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which, when tested through the "Test" button included in the web interface, will execute JavaScript code in the victim's browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28237
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.65902
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28237
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-179.yaml
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517
reference_id 779894c1bc6478332d14bc9ed1006df1354eb517
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/
url https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28237
reference_id CVE-2024-28237
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28237
5
reference_url https://github.com/advisories/GHSA-x7mf-wrh9-r76c
reference_id GHSA-x7mf-wrh9-r76c
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7mf-wrh9-r76c
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c
reference_id GHSA-x7mf-wrh9-r76c
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T15:19:13Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c
fixed_packages
0
url pkg:pypi/octoprint@1.10.0rc3
purl pkg:pypi/octoprint@1.10.0rc3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-cvmz-xqx7-t3df
3
vulnerability VCID-g8tn-vs5n-47a7
4
vulnerability VCID-r446-why1-fubb
5
vulnerability VCID-tb48-kg2g-rkds
6
vulnerability VCID-u3bq-5gbm-dyhz
7
vulnerability VCID-ukky-hd4w-dffm
8
vulnerability VCID-vpq4-7mh6-duhr
9
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc3
1
url pkg:pypi/octoprint@1.10.0
purl pkg:pypi/octoprint@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-g8tn-vs5n-47a7
3
vulnerability VCID-r446-why1-fubb
4
vulnerability VCID-tb48-kg2g-rkds
5
vulnerability VCID-u3bq-5gbm-dyhz
6
vulnerability VCID-ukky-hd4w-dffm
7
vulnerability VCID-vpq4-7mh6-duhr
8
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0
aliases CVE-2024-28237, GHSA-x7mf-wrh9-r76c, PYSEC-2024-179
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvmz-xqx7-t3df
6
url VCID-eumt-k6wn-3kcq
vulnerability_id VCID-eumt-k6wn-3kcq
summary Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2872
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45029
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2872
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-286.yaml
3
reference_url https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0
reference_id 3e3c11811e216fb371a33e28412df83f9701e5b0
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/
url https://github.com/octoprint/octoprint/commit/3e3c11811e216fb371a33e28412df83f9701e5b0
4
reference_url https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56
reference_id b966c74d-6f3f-49fe-b40a-eaf25e362c56
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:26:52Z/
url https://huntr.dev/bounties/b966c74d-6f3f-49fe-b40a-eaf25e362c56
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2872
reference_id CVE-2022-2872
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2872
6
reference_url https://github.com/advisories/GHSA-49wm-4fp6-h59c
reference_id GHSA-49wm-4fp6-h59c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-49wm-4fp6-h59c
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-cvmz-xqx7-t3df
4
vulnerability VCID-g8tn-vs5n-47a7
5
vulnerability VCID-r446-why1-fubb
6
vulnerability VCID-tb48-kg2g-rkds
7
vulnerability VCID-u3bq-5gbm-dyhz
8
vulnerability VCID-ukky-hd4w-dffm
9
vulnerability VCID-vpq4-7mh6-duhr
10
vulnerability VCID-wkhk-mjja-fuhm
11
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2872, GHSA-49wm-4fp6-h59c, PYSEC-2022-286
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eumt-k6wn-3kcq
7
url VCID-fwx5-necc-t7ch
vulnerability_id VCID-fwx5-necc-t7ch
summary OctoPrint does not have rate limiting on the login page
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2822
reference_id
reference_type
scores
0
value 0.00277
scoring_system epss
scoring_elements 0.51444
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2822
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de
3
reference_url https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2822
reference_id CVE-2022-2822
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2822
5
reference_url https://github.com/advisories/GHSA-5w5x-q9p5-9qg3
reference_id GHSA-5w5x-q9p5-9qg3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w5x-q9p5-9qg3
fixed_packages
aliases CVE-2022-2822, GHSA-5w5x-q9p5-9qg3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwx5-necc-t7ch
8
url VCID-g8tn-vs5n-47a7
vulnerability_id VCID-g8tn-vs5n-47a7
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above-mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third-party plugins. During a transition period, third-party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third-party plugins, unless they explicitly opt out.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-49377
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56752
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-49377
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/commit/b8a6b0a75202edac3bb142a8e4f9041a0b6825bf
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-201.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-49377
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-49377
5
reference_url https://github.com/advisories/GHSA-xvxq-g8hw-fx4g
reference_id GHSA-xvxq-g8hw-fx4g
reference_type
scores
url https://github.com/advisories/GHSA-xvxq-g8hw-fx4g
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g
reference_id GHSA-xvxq-g8hw-fx4g
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:15Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g
fixed_packages
0
url pkg:pypi/octoprint@1.10.3
purl pkg:pypi/octoprint@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-r446-why1-fubb
2
vulnerability VCID-tb48-kg2g-rkds
3
vulnerability VCID-u3bq-5gbm-dyhz
4
vulnerability VCID-vpq4-7mh6-duhr
5
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3
aliases CVE-2024-49377, GHSA-xvxq-g8hw-fx4g, PYSEC-2024-201
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8tn-vs5n-47a7
9
url VCID-m9k6-9ft6-9kdf
vulnerability_id VCID-m9k6-9ft6-9kdf
summary Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3607
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44556
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3607
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-42975.yaml
3
reference_url https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
reference_id 2d1db3c9-93e8-4902-a55b-5ea53c22aa11
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
2
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/
url https://huntr.dev/bounties/2d1db3c9-93e8-4902-a55b-5ea53c22aa11
4
reference_url https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
reference_id 3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
2
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T14:47:28Z/
url https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3607
reference_id CVE-2022-3607
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3607
6
reference_url https://github.com/advisories/GHSA-rj5f-vm79-5j84
reference_id GHSA-rj5f-vm79-5j84
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj5f-vm79-5j84
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-cvmz-xqx7-t3df
4
vulnerability VCID-g8tn-vs5n-47a7
5
vulnerability VCID-r446-why1-fubb
6
vulnerability VCID-tb48-kg2g-rkds
7
vulnerability VCID-u3bq-5gbm-dyhz
8
vulnerability VCID-ukky-hd4w-dffm
9
vulnerability VCID-vpq4-7mh6-duhr
10
vulnerability VCID-wkhk-mjja-fuhm
11
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-3607, GHSA-rj5f-vm79-5j84, PYSEC-2022-42975
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9k6-9ft6-9kdf
10
url VCID-nsb4-79pr-67eu
vulnerability_id VCID-nsb4-79pr-67eu
summary Unverified Password Change in OctoPrint
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2930
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30822
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2930
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-43142.yaml
4
reference_url https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2930
reference_id CVE-2022-2930
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2930
6
reference_url https://github.com/advisories/GHSA-39gf-864w-pxw4
reference_id GHSA-39gf-864w-pxw4
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-39gf-864w-pxw4
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-cvmz-xqx7-t3df
4
vulnerability VCID-g8tn-vs5n-47a7
5
vulnerability VCID-r446-why1-fubb
6
vulnerability VCID-tb48-kg2g-rkds
7
vulnerability VCID-u3bq-5gbm-dyhz
8
vulnerability VCID-ukky-hd4w-dffm
9
vulnerability VCID-vpq4-7mh6-duhr
10
vulnerability VCID-wkhk-mjja-fuhm
11
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2930, GHSA-39gf-864w-pxw4, PYSEC-2022-43142
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsb4-79pr-67eu
11
url VCID-pnme-vesu-8khw
vulnerability_id VCID-pnme-vesu-8khw
summary Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1432
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.6332
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1432
1
reference_url https://github.com/advisories/GHSA-h8pc-j334-jjhm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8pc-j334-jjhm
2
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
3
reference_url https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-201.yaml
5
reference_url https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1432
fixed_packages
0
url pkg:pypi/octoprint@1.8.0
purl pkg:pypi/octoprint@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-99k3-bt7y-m7az
4
vulnerability VCID-cvmz-xqx7-t3df
5
vulnerability VCID-eumt-k6wn-3kcq
6
vulnerability VCID-fwx5-necc-t7ch
7
vulnerability VCID-g8tn-vs5n-47a7
8
vulnerability VCID-m9k6-9ft6-9kdf
9
vulnerability VCID-nsb4-79pr-67eu
10
vulnerability VCID-r446-why1-fubb
11
vulnerability VCID-tb48-kg2g-rkds
12
vulnerability VCID-u3bq-5gbm-dyhz
13
vulnerability VCID-ukky-hd4w-dffm
14
vulnerability VCID-vpq4-7mh6-duhr
15
vulnerability VCID-wkhk-mjja-fuhm
16
vulnerability VCID-xnex-jd9w-ruaz
17
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0
aliases CVE-2022-1432, GHSA-h8pc-j334-jjhm, PYSEC-2022-201
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnme-vesu-8khw
12
url VCID-r446-why1-fubb
vulnerability_id VCID-r446-why1-fubb
summary OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32788
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04853
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32788
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2025-56.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32788
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32788
4
reference_url https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2
reference_id 41ff431014edfa18ca1a01897b10463934dc7fc2
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/
url https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2
5
reference_url https://github.com/advisories/GHSA-qw93-h6pf-226x
reference_id GHSA-qw93-h6pf-226x
reference_type
scores
url https://github.com/advisories/GHSA-qw93-h6pf-226x
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x
reference_id GHSA-qw93-h6pf-226x
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T19:56:38Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x
fixed_packages
0
url pkg:pypi/octoprint@1.11.0
purl pkg:pypi/octoprint@1.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-tb48-kg2g-rkds
2
vulnerability VCID-u3bq-5gbm-dyhz
3
vulnerability VCID-vpq4-7mh6-duhr
4
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.0
aliases CVE-2025-32788, GHSA-qw93-h6pf-226x, PYSEC-2025-56
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r446-why1-fubb
13
url VCID-tb48-kg2g-rkds
vulnerability_id VCID-tb48-kg2g-rkds
summary OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance. This issue is fixed in version 1.11.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64187
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05199
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64187
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44
reference_id 9112e07b1085f4c1ee9eefc67985809251057a44
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/
url https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64187
reference_id CVE-2025-64187
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64187
4
reference_url https://github.com/advisories/GHSA-crvm-xjhm-9h29
reference_id GHSA-crvm-xjhm-9h29
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crvm-xjhm-9h29
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29
reference_id GHSA-crvm-xjhm-9h29
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:58:58Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29
fixed_packages
0
url pkg:pypi/octoprint@1.11.4
purl pkg:pypi/octoprint@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.4
aliases CVE-2025-64187, GHSA-crvm-xjhm-9h29
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tb48-kg2g-rkds
14
url VCID-u3bq-5gbm-dyhz
vulnerability_id VCID-u3bq-5gbm-dyhz
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered. If no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact. The vulnerability is patched in version 1.11.3. As a workaround, OctoPrint administrators who have event handlers configured that include any kind of filename-based placeholders should disable those by setting their `enabled` property to `False` or unchecking the "Enabled" checkbox in the GUI-based Event Manager. Alternatively, OctoPrint administrators should set `feature.enforceReallyUniversalFilenames` to `true` in `config.yaml` and restart OctoPrint, then vet the existing uploads and make sure to delete any suspicious-looking files. As always, OctoPrint administrators are advised to not expose OctoPrint on hostile networks like the public internet, and to vet who has access to their instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58180
reference_id
reference_type
scores
0
value 0.02219
scoring_system epss
scoring_elements 0.84847
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58180
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58180
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58180
3
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3
reference_id 1.11.3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3
4
reference_url https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b
reference_id be4201ef58d9a7c03593252398c16eada90a258b
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b
5
reference_url https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841
reference_id c3a940962f4658a8e035a00388781b1cbd768841
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt
reference_id CVE-2025-58180
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52476.txt
7
reference_url https://github.com/advisories/GHSA-49mj-x8jp-qvfc
reference_id GHSA-49mj-x8jp-qvfc
reference_type
scores
url https://github.com/advisories/GHSA-49mj-x8jp-qvfc
8
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc
reference_id GHSA-49mj-x8jp-qvfc
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-10T13:59:03Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc
fixed_packages
0
url pkg:pypi/octoprint@1.11.3
purl pkg:pypi/octoprint@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-tb48-kg2g-rkds
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.3
aliases CVE-2025-58180, GHSA-49mj-x8jp-qvfc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3bq-5gbm-dyhz
15
url VCID-ukky-hd4w-dffm
vulnerability_id VCID-ukky-hd4w-dffm
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51493
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27641
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51493
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/commit/9bc80d782d72881b16e20873dcd0b8314324c70c
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-202.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51493
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51493
5
reference_url https://github.com/advisories/GHSA-cc6x-8cc7-9953
reference_id GHSA-cc6x-8cc7-9953
reference_type
scores
url https://github.com/advisories/GHSA-cc6x-8cc7-9953
6
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953
reference_id GHSA-cc6x-8cc7-9953
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-05T19:01:40Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953
fixed_packages
0
url pkg:pypi/octoprint@1.10.3
purl pkg:pypi/octoprint@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-r446-why1-fubb
2
vulnerability VCID-tb48-kg2g-rkds
3
vulnerability VCID-u3bq-5gbm-dyhz
4
vulnerability VCID-vpq4-7mh6-duhr
5
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.3
aliases CVE-2024-51493, GHSA-cc6x-8cc7-9953, PYSEC-2024-202
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukky-hd4w-dffm
16
url VCID-urhm-b8fa-nqaj
vulnerability_id VCID-urhm-b8fa-nqaj
summary OctoPrint Incorrect Access Control
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32560
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57921
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32560
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2021-29.yaml
4
reference_url https://octoprint.org/blog/2021/04/27/new-release-1.6.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://octoprint.org/blog/2021/04/27/new-release-1.6.0
5
reference_url https://octoprint.org/blog/2021/04/27/new-release-1.6.0/
reference_id
reference_type
scores
url https://octoprint.org/blog/2021/04/27/new-release-1.6.0/
6
reference_url https://www.brzozowski.io
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.brzozowski.io
7
reference_url https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32560
reference_id CVE-2021-32560
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32560
9
reference_url https://github.com/advisories/GHSA-x9rq-fjp5-qgm9
reference_id GHSA-x9rq-fjp5-qgm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x9rq-fjp5-qgm9
fixed_packages
0
url pkg:pypi/octoprint@1.6.0
purl pkg:pypi/octoprint@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-99k3-bt7y-m7az
4
vulnerability VCID-cvmz-xqx7-t3df
5
vulnerability VCID-eumt-k6wn-3kcq
6
vulnerability VCID-fwx5-necc-t7ch
7
vulnerability VCID-g8tn-vs5n-47a7
8
vulnerability VCID-m9k6-9ft6-9kdf
9
vulnerability VCID-nsb4-79pr-67eu
10
vulnerability VCID-pnme-vesu-8khw
11
vulnerability VCID-r446-why1-fubb
12
vulnerability VCID-tb48-kg2g-rkds
13
vulnerability VCID-u3bq-5gbm-dyhz
14
vulnerability VCID-ukky-hd4w-dffm
15
vulnerability VCID-vpq4-7mh6-duhr
16
vulnerability VCID-wkhk-mjja-fuhm
17
vulnerability VCID-xnex-jd9w-ruaz
18
vulnerability VCID-za3r-74rm-bkfe
19
vulnerability VCID-ze38-9vap-5yc1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.6.0
aliases CVE-2021-32560, GHSA-x9rq-fjp5-qgm9, PYSEC-2021-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urhm-b8fa-nqaj
17
url VCID-vpq4-7mh6-duhr
vulnerability_id VCID-vpq4-7mh6-duhr
summary OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48879
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.14459
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48879
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48879
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48879
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
reference_id c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/
url https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
4
reference_url https://github.com/advisories/GHSA-9wj4-8h85-pgrw
reference_id GHSA-9wj4-8h85-pgrw
reference_type
scores
url https://github.com/advisories/GHSA-9wj4-8h85-pgrw
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw
reference_id GHSA-9wj4-8h85-pgrw
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:57:28Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw
fixed_packages
0
url pkg:pypi/octoprint@1.11.2
purl pkg:pypi/octoprint@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-tb48-kg2g-rkds
2
vulnerability VCID-u3bq-5gbm-dyhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2
aliases CVE-2025-48879, GHSA-9wj4-8h85-pgrw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpq4-7mh6-duhr
18
url VCID-wkhk-mjja-fuhm
vulnerability_id VCID-wkhk-mjja-fuhm
summary OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23637
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10032
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23637
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2024-29.yaml
3
reference_url https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
reference_id 1.10.0rc1
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1
4
reference_url https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
reference_id 1729d167b4ae4a5835bbc7211b92c6828b1c4125
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23637
reference_id CVE-2024-23637
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23637
6
reference_url https://github.com/advisories/GHSA-5626-pw9c-hmjr
reference_id GHSA-5626-pw9c-hmjr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5626-pw9c-hmjr
7
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
reference_id GHSA-5626-pw9c-hmjr
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T20:27:59Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr
fixed_packages
0
url pkg:pypi/octoprint@1.10.0rc1
purl pkg:pypi/octoprint@1.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-cvmz-xqx7-t3df
3
vulnerability VCID-g8tn-vs5n-47a7
4
vulnerability VCID-r446-why1-fubb
5
vulnerability VCID-tb48-kg2g-rkds
6
vulnerability VCID-u3bq-5gbm-dyhz
7
vulnerability VCID-ukky-hd4w-dffm
8
vulnerability VCID-vpq4-7mh6-duhr
9
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.10.0rc1
aliases CVE-2024-23637, GHSA-5626-pw9c-hmjr, PYSEC-2024-29
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkhk-mjja-fuhm
19
url VCID-xnex-jd9w-ruaz
vulnerability_id VCID-xnex-jd9w-ruaz
summary If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2888
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15021
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2888
1
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-282.yaml
3
reference_url https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
reference_id 40e6217ac1a85cc5ed592873ae49db01d3005da4
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/
url https://github.com/octoprint/octoprint/commit/40e6217ac1a85cc5ed592873ae49db01d3005da4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2888
reference_id CVE-2022-2888
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2888
5
reference_url https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
reference_id d27d232b-2578-4b32-b3b4-74aabdadf629
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:05Z/
url https://huntr.dev/bounties/d27d232b-2578-4b32-b3b4-74aabdadf629
6
reference_url https://github.com/advisories/GHSA-937f-qh3w-6g87
reference_id GHSA-937f-qh3w-6g87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-937f-qh3w-6g87
fixed_packages
0
url pkg:pypi/octoprint@1.8.3
purl pkg:pypi/octoprint@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-cvmz-xqx7-t3df
4
vulnerability VCID-g8tn-vs5n-47a7
5
vulnerability VCID-r446-why1-fubb
6
vulnerability VCID-tb48-kg2g-rkds
7
vulnerability VCID-u3bq-5gbm-dyhz
8
vulnerability VCID-ukky-hd4w-dffm
9
vulnerability VCID-vpq4-7mh6-duhr
10
vulnerability VCID-wkhk-mjja-fuhm
11
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.3
aliases CVE-2022-2888, GHSA-937f-qh3w-6g87, PYSEC-2022-282
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnex-jd9w-ruaz
20
url VCID-za3r-74rm-bkfe
vulnerability_id VCID-za3r-74rm-bkfe
summary OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48067
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27481
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48067
1
reference_url https://github.com/OctoPrint/OctoPrint
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OctoPrint/OctoPrint
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48067
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48067
3
reference_url https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8
reference_id 9984b20773f5895a432f965b759999b16c57f7d8
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/
url https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8
4
reference_url https://github.com/advisories/GHSA-m9jh-jf9h-x3h2
reference_id GHSA-m9jh-jf9h-x3h2
reference_type
scores
url https://github.com/advisories/GHSA-m9jh-jf9h-x3h2
5
reference_url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2
reference_id GHSA-m9jh-jf9h-x3h2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:36:28Z/
url https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2
fixed_packages
0
url pkg:pypi/octoprint@1.11.2
purl pkg:pypi/octoprint@1.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-49na-ptq4-q7ba
1
vulnerability VCID-tb48-kg2g-rkds
2
vulnerability VCID-u3bq-5gbm-dyhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.11.2
aliases CVE-2025-48067, GHSA-m9jh-jf9h-x3h2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-za3r-74rm-bkfe
21
url VCID-ze38-9vap-5yc1
vulnerability_id VCID-ze38-9vap-5yc1
summary Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1430
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63784
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1430
1
reference_url https://github.com/advisories/GHSA-x7r7-wmj8-vv5g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7r7-wmj8-vv5g
2
reference_url https://github.com/octoprint/octoprint
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint
3
reference_url https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/octoprint/PYSEC-2022-200.yaml
5
reference_url https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1430
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1430
fixed_packages
0
url pkg:pypi/octoprint@1.8.0
purl pkg:pypi/octoprint@1.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cub-qe27-8ydg
1
vulnerability VCID-49na-ptq4-q7ba
2
vulnerability VCID-6r5c-xsnz-kkhb
3
vulnerability VCID-99k3-bt7y-m7az
4
vulnerability VCID-cvmz-xqx7-t3df
5
vulnerability VCID-eumt-k6wn-3kcq
6
vulnerability VCID-fwx5-necc-t7ch
7
vulnerability VCID-g8tn-vs5n-47a7
8
vulnerability VCID-m9k6-9ft6-9kdf
9
vulnerability VCID-nsb4-79pr-67eu
10
vulnerability VCID-r446-why1-fubb
11
vulnerability VCID-tb48-kg2g-rkds
12
vulnerability VCID-u3bq-5gbm-dyhz
13
vulnerability VCID-ukky-hd4w-dffm
14
vulnerability VCID-vpq4-7mh6-duhr
15
vulnerability VCID-wkhk-mjja-fuhm
16
vulnerability VCID-xnex-jd9w-ruaz
17
vulnerability VCID-za3r-74rm-bkfe
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.8.0
aliases CVE-2022-1430, GHSA-x7r7-wmj8-vv5g, PYSEC-2022-200
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ze38-9vap-5yc1
Fixing_vulnerabilities
Risk_score 4.2
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/octoprint@1.4.0rc4