Vulnerabilities > Home Assistant

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2020-36517 Information Exposure Through Discrepancy vulnerability in Home-Assistant 2022.03
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
network
low complexity
home-assistant CWE-203
5.0
2021-01-26 CVE-2021-3152 Path Traversal vulnerability in Home-Assistant
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations.
network
low complexity
home-assistant CWE-22
5.3
2019-09-23 CVE-2018-21019 Information Exposure vulnerability in Home-Assistant
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
network
low complexity
home-assistant CWE-200
5.0
2017-11-10 CVE-2017-16782 Cross-site Scripting vulnerability in Home-Assistant
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
4.3