Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/nautobot@2.3.11
Type pypi
Namespace
Name nautobot
Version 2.3.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.4.33
Latest_non_vulnerable_version 3.1.2
Affected_by_vulnerabilities
0
url VCID-7hyy-vgqn-hkfy
vulnerability_id VCID-7hyy-vgqn-hkfy
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49143
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45516
published_at 2026-06-12T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45367
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49143
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49143
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49143
3
reference_url https://github.com/nautobot/nautobot/pull/6672
reference_id 6672
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/
url https://github.com/nautobot/nautobot/pull/6672
4
reference_url https://github.com/nautobot/nautobot/pull/6703
reference_id 6703
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/
url https://github.com/nautobot/nautobot/pull/6703
5
reference_url https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340
reference_id 9c892dc300429948a4714f743c9c2879d8987340
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/
url https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340
6
reference_url https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95
reference_id d99a53b065129cff3a0fa9abe7355a9ef1ad4c95
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/
url https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95
7
reference_url https://github.com/advisories/GHSA-rh67-4c8j-hjjh
reference_id GHSA-rh67-4c8j-hjjh
reference_type
scores
url https://github.com/advisories/GHSA-rh67-4c8j-hjjh
8
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh
reference_id GHSA-rh67-4c8j-hjjh
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh
fixed_packages
0
url pkg:pypi/nautobot@2.4.10
purl pkg:pypi/nautobot@2.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmdc-184u-9ya3
1
vulnerability VCID-kzek-vx11-p3db
2
vulnerability VCID-n6my-hv54-7kfv
3
vulnerability VCID-p5ay-27ca-8ydh
4
vulnerability VCID-zaze-en93-tker
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.10
aliases CVE-2025-49143, GHSA-rh67-4c8j-hjjh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hyy-vgqn-hkfy
1
url VCID-fmdc-184u-9ya3
vulnerability_id VCID-fmdc-184u-9ya3
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44797
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11492
published_at 2026-06-11T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11569
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44797
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44797
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44797
3
reference_url https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4
reference_id 16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/
url https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4
4
reference_url https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08
reference_id 7324c8f0d8c7245fbc691e15d729adc2d2707d08
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/
url https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08
5
reference_url https://github.com/advisories/GHSA-c35q-vxrp-ph26
reference_id GHSA-c35q-vxrp-ph26
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c35q-vxrp-ph26
6
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26
reference_id GHSA-c35q-vxrp-ph26
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26
7
reference_url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
reference_id v2.4.33
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/
url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
8
reference_url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
reference_id v3.1.2
reference_type
scores
0
value 8.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/
url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
fixed_packages
0
url pkg:pypi/nautobot@2.4.33
purl pkg:pypi/nautobot@2.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33
1
url pkg:pypi/nautobot@3.1.2
purl pkg:pypi/nautobot@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2
aliases CVE-2026-44797, GHSA-c35q-vxrp-ph26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmdc-184u-9ya3
2
url VCID-jcyt-t5f3-4khn
vulnerability_id VCID-jcyt-t5f3-4khn
summary Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49142
reference_id
reference_type
scores
0
value 0.0018
scoring_system epss
scoring_elements 0.39416
published_at 2026-06-11T12:55:00Z
1
value 0.0018
scoring_system epss
scoring_elements 0.39586
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49142
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2025-74.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2025-74.yaml
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/nautobot/PYSEC-2025-79.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/nautobot/PYSEC-2025-79.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49142
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49142
5
reference_url https://github.com/nautobot/nautobot/pull/7417
reference_id 7417
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/
url https://github.com/nautobot/nautobot/pull/7417
6
reference_url https://github.com/nautobot/nautobot/pull/7429
reference_id 7429
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/
url https://github.com/nautobot/nautobot/pull/7429
7
reference_url https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description
reference_id #alters-data-description
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/
url https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description
8
reference_url https://github.com/advisories/GHSA-wjw6-95h5-4jpx
reference_id GHSA-wjw6-95h5-4jpx
reference_type
scores
url https://github.com/advisories/GHSA-wjw6-95h5-4jpx
9
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx
reference_id GHSA-wjw6-95h5-4jpx
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx
10
reference_url https://jinja.palletsprojects.com/en/stable/sandbox
reference_id sandbox
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/
url https://jinja.palletsprojects.com/en/stable/sandbox
fixed_packages
0
url pkg:pypi/nautobot@2.4.10
purl pkg:pypi/nautobot@2.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmdc-184u-9ya3
1
vulnerability VCID-kzek-vx11-p3db
2
vulnerability VCID-n6my-hv54-7kfv
3
vulnerability VCID-p5ay-27ca-8ydh
4
vulnerability VCID-zaze-en93-tker
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.10
aliases CVE-2025-49142, GHSA-wjw6-95h5-4jpx, PYSEC-2025-74, PYSEC-2025-79
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcyt-t5f3-4khn
3
url VCID-kzek-vx11-p3db
vulnerability_id VCID-kzek-vx11-p3db
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API failed to enforce user "view" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44794
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06886
published_at 2026-06-11T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06911
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44794
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44794
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44794
3
reference_url https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b
reference_id 36cde7148a207234de6212ec074f321dbc9d1b5b
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/
url https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b
4
reference_url https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1
reference_id 9918bdb9bcf1eb42cda72c344f420a64ef7665f1
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/
url https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1
5
reference_url https://github.com/advisories/GHSA-wpxj-44w3-2j6x
reference_id GHSA-wpxj-44w3-2j6x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpxj-44w3-2j6x
6
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x
reference_id GHSA-wpxj-44w3-2j6x
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x
7
reference_url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
reference_id v2.4.33
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/
url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
8
reference_url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
reference_id v3.1.2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/
url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
fixed_packages
0
url pkg:pypi/nautobot@2.4.33
purl pkg:pypi/nautobot@2.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33
1
url pkg:pypi/nautobot@3.1.2
purl pkg:pypi/nautobot@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2
aliases CVE-2026-44794, GHSA-wpxj-44w3-2j6x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzek-vx11-p3db
4
url VCID-n6my-hv54-7kfv
vulnerability_id VCID-n6my-hv54-7kfv
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44798
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17891
published_at 2026-06-11T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.1805
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44798
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44798
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44798
3
reference_url https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609
reference_id 9deddfc91ad9260ad17b5e20084e9e2d15be3609
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/
url https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609
4
reference_url https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3
reference_id c46f97040b2bde4320be36b23577f19a8bcbd8c3
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/
url https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3
5
reference_url https://github.com/advisories/GHSA-p3hx-pwf3-j8wr
reference_id GHSA-p3hx-pwf3-j8wr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p3hx-pwf3-j8wr
6
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr
reference_id GHSA-p3hx-pwf3-j8wr
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr
7
reference_url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
reference_id v2.4.33
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/
url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
8
reference_url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
reference_id v3.1.2
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/
url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
fixed_packages
0
url pkg:pypi/nautobot@2.4.33
purl pkg:pypi/nautobot@2.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33
1
url pkg:pypi/nautobot@3.1.2
purl pkg:pypi/nautobot@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2
aliases CVE-2026-44798, GHSA-p3hx-pwf3-j8wr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6my-hv54-7kfv
5
url VCID-p5ay-27ca-8ydh
vulnerability_id VCID-p5ay-27ca-8ydh
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44796
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15358
published_at 2026-06-11T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15494
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44796
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44796
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44796
3
reference_url https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd
reference_id 5a30d0916953afbeedd24a784709e762cc3879cd
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/
url https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd
4
reference_url https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee
reference_id c2b766966d814a7141f62c7bc90c85fefb7892ee
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/
url https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee
5
reference_url https://github.com/advisories/GHSA-qrpw-gjvh-x5gm
reference_id GHSA-qrpw-gjvh-x5gm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrpw-gjvh-x5gm
6
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm
reference_id GHSA-qrpw-gjvh-x5gm
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm
7
reference_url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
reference_id v2.4.33
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/
url https://github.com/nautobot/nautobot/releases/tag/v2.4.33
8
reference_url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
reference_id v3.1.2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/
url https://github.com/nautobot/nautobot/releases/tag/v3.1.2
fixed_packages
0
url pkg:pypi/nautobot@2.4.33
purl pkg:pypi/nautobot@2.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33
1
url pkg:pypi/nautobot@3.1.2
purl pkg:pypi/nautobot@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2
aliases CVE-2026-44796, GHSA-qrpw-gjvh-x5gm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ay-27ca-8ydh
6
url VCID-zaze-en93-tker
vulnerability_id VCID-zaze-en93-tker
summary Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34203
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02251
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02255
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34203
1
reference_url https://github.com/nautobot/nautobot
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/nautobot/nautobot
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34203
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34203
3
reference_url https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598
reference_id 589f7caf54124ad76bc9fcbb7bdcaa25627cd598
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/
url https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598
4
reference_url https://github.com/nautobot/nautobot/pull/8778
reference_id 8778
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/
url https://github.com/nautobot/nautobot/pull/8778
5
reference_url https://github.com/nautobot/nautobot/pull/8779
reference_id 8779
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/
url https://github.com/nautobot/nautobot/pull/8779
6
reference_url https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9
reference_id d1ef3135aa02fa07de061e8c085f8cce425fe8c9
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/
url https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9
7
reference_url https://github.com/advisories/GHSA-xmpv-j7p2-j873
reference_id GHSA-xmpv-j7p2-j873
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmpv-j7p2-j873
8
reference_url https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873
reference_id GHSA-xmpv-j7p2-j873
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/
url https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873
fixed_packages
0
url pkg:pypi/nautobot@2.4.30
purl pkg:pypi/nautobot@2.4.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmdc-184u-9ya3
1
vulnerability VCID-kzek-vx11-p3db
2
vulnerability VCID-n6my-hv54-7kfv
3
vulnerability VCID-p5ay-27ca-8ydh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.30
1
url pkg:pypi/nautobot@3.0.0a2
purl pkg:pypi/nautobot@3.0.0a2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmdc-184u-9ya3
1
vulnerability VCID-kzek-vx11-p3db
2
vulnerability VCID-n6my-hv54-7kfv
3
vulnerability VCID-p5ay-27ca-8ydh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.0.0a2
2
url pkg:pypi/nautobot@3.0.10
purl pkg:pypi/nautobot@3.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fmdc-184u-9ya3
1
vulnerability VCID-kzek-vx11-p3db
2
vulnerability VCID-n6my-hv54-7kfv
3
vulnerability VCID-p5ay-27ca-8ydh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.0.10
aliases CVE-2026-34203, GHSA-xmpv-j7p2-j873
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zaze-en93-tker
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.3.11