{"url":"http://public2.vulnerablecode.io/api/packages/69820?format=json","purl":"pkg:pypi/motioneye@0.33.3","type":"pypi","namespace":"","name":"motioneye","version":"0.33.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.43.1b5","latest_non_vulnerable_version":"0.43.1b5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208588?format=json","vulnerability_id":"VCID-19se-6amw-xbhq","summary":"MotionEye allows attackers to access sensitive information","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25568","reference_id":"","reference_type":"","scores":[{"value":"0.8531","scoring_system":"epss","scoring_elements":"0.99384","published_at":"2026-06-12T12:55:00Z"},{"value":"0.8531","scoring_system":"epss","scoring_elements":"0.99381","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25568"},{"reference_url":"https://github.com/ccrisan/motioneye/issues/2292","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ccrisan/motioneye/issues/2292"},{"reference_url":"https://github.com/motioneye-project/motioneye","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/motioneye-project/motioneye"},{"reference_url":"https://github.com/motioneye-project/motioneye/commit/c60b64af5bb8c09189071522a1f6796cb44340b0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/motioneye-project/motioneye/commit/c60b64af5bb8c09189071522a1f6796cb44340b0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2022-43141.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/motioneye/PYSEC-2022-43141.yaml"},{"reference_url":"https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure"},{"reference_url":"https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25568","reference_id":"CVE-2022-25568","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25568"},{"reference_url":"https://github.com/advisories/GHSA-2c7w-v459-cwgf","reference_id":"GHSA-2c7w-v459-cwgf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2c7w-v459-cwgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19838?format=json","purl":"pkg:pypi/motioneye@0.43.1b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z93-3ahx-hfae"},{"vulnerability":"VCID-61vg-qm9f-gbhp"},{"vulnerability":"VCID-ntf9-j7zg-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/motioneye@0.43.1b1"}],"aliases":["CVE-2022-25568","GHSA-2c7w-v459-cwgf","PYSEC-2022-43141"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19se-6amw-xbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212279?format=json","vulnerability_id":"VCID-61vg-qm9f-gbhp","summary":"Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60787","reference_id":"CVE-2025-60787","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60787"},{"reference_url":"https://github.com/advisories/GHSA-26f6-wm47-7h7j","reference_id":"GHSA-26f6-wm47-7h7j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-26f6-wm47-7h7j"}],"fixed_packages":[],"aliases":["GHSA-26f6-wm47-7h7j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61vg-qm9f-gbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207623?format=json","vulnerability_id":"VCID-akjw-q2d4-d7ac","summary":"Unrestricted Upload of File with Dangerous Type in motionEye","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44255","reference_id":"","reference_type":"","scores":[{"value":"0.13636","scoring_system":"epss","scoring_elements":"0.94431","published_at":"2026-06-12T12:55:00Z"},{"value":"0.13636","scoring_system":"epss","scoring_elements":"0.94411","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44255"},{"reference_url":"https://github.com/ccrisan/motioneye","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ccrisan/motioneye"},{"reference_url":"https://github.com/ccrisan/motioneyeos/issues/2843","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ccrisan/motioneyeos/issues/2843"},{"reference_url":"https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye"},{"reference_url":"https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye/","reference_id":"","reference_type":"","scores":[],"url":"https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44255","reference_id":"CVE-2021-44255","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44255"},{"reference_url":"https://github.com/advisories/GHSA-m2c7-42rf-c62f","reference_id":"GHSA-m2c7-42rf-c62f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2c7-42rf-c62f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18888?format=json","purl":"pkg:pypi/motioneye@0.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19se-6amw-xbhq"},{"vulnerability":"VCID-61vg-qm9f-gbhp"},{"vulnerability":"VCID-akjw-q2d4-d7ac"},{"vulnerability":"VCID-ntf9-j7zg-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/motioneye@0.42.1"}],"aliases":["CVE-2021-44255","GHSA-m2c7-42rf-c62f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akjw-q2d4-d7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97014?format=json","vulnerability_id":"VCID-ntf9-j7zg-zqes","summary":"MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60787","reference_id":"","reference_type":"","scores":[{"value":"0.57917","scoring_system":"epss","scoring_elements":"0.98223","published_at":"2026-06-12T12:55:00Z"},{"value":"0.57917","scoring_system":"epss","scoring_elements":"0.98217","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-60787"},{"reference_url":"https://github.com/motioneye-project/motioneye","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/motioneye-project/motioneye"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52481.txt","reference_id":"CVE-2025-60787","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52481.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60787","reference_id":"CVE-2025-60787","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60787"},{"reference_url":"https://github.com/advisories/GHSA-j945-qm58-4gjx","reference_id":"GHSA-j945-qm58-4gjx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j945-qm58-4gjx"},{"reference_url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-j945-qm58-4gjx","reference_id":"GHSA-j945-qm58-4gjx","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/motioneye-project/motioneye/security/advisories/GHSA-j945-qm58-4gjx"},{"reference_url":"http://motioneye-project.com","reference_id":"motioneye-project.com","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-03T14:57:27Z/"}],"url":"http://motioneye-project.com"},{"reference_url":"https://github.com/prabhatverma47/motionEye-RCE-through-config-parameter","reference_id":"motionEye-RCE-through-config-parameter","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-03T14:57:27Z/"}],"url":"https://github.com/prabhatverma47/motionEye-RCE-through-config-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34989?format=json","purl":"pkg:pypi/motioneye@0.43.1b5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/motioneye@0.43.1b5"}],"aliases":["CVE-2025-60787","GHSA-j945-qm58-4gjx"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntf9-j7zg-zqes"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/motioneye@0.33.3"}