home assistant home assistant

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-33045
>= 2025.2.0 and < 2026.1.0
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and
5.4 MEDIUM
CVE-2026-33044
>= 2020.02 and < 2026.1.0
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and
5.4 MEDIUM
CVE-2025-65713
< 2025.8.0
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file
4.0 MEDIUM
CVE-2023-50715
< 2023.12.3
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accou
4.3 MEDIUM
CVE-2023-41894
< 2023.9.0
Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are tri
5.3 MEDIUM
CVE-2023-41893
< 2023.9.0
Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirect_uri and client_id ar
4.3 MEDIUM
CVE-2023-44385
< 2023.7
The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers m
8.6 HIGH
CVE-2023-41899
< 2023.9.0
Home assistant is an open source home automation. In affected versions the hassio.addon_stdin is vulnerable to a partial Server-
6.6 MEDIUM
CVE-2023-41898
< 2023.9.2
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerabl
8.6 HIGH
CVE-2023-41897
< 2023.9.0
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Fr
8.8 HIGH
CVE-2023-41896
< 8.2.0
Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected
7.1 HIGH
CVE-2023-41895
< 2023.9.0
Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant cre
8.8 HIGH
CVE-2023-27482
< 2023.3.0
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing
10.0 CRITICAL
CVE-2020-36517
all versions
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to ga
7.5 HIGH
CVE-2021-3152
< 2021.1.3
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custo
5.3 MEDIUM
CVE-2018-21019
< 0.67.0
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the appl
7.5 HIGH
CVE-2017-16782
<= 0.56.2
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text,
6.1 MEDIUM