octoprint

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-23892
< 1.11.6
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affecte
5.9 MEDIUM
CVE-2025-64187
< 1.11.4
OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability
4.4 MEDIUM
CVE-2025-58180
< 1.11.3
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain
8.8 HIGH
CVE-2025-48879
< 1.11.2
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipu
6.5 MEDIUM
CVE-2025-48067
< 1.11.2
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain
5.4 MEDIUM
CVE-2025-32788
< 1.11.0
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a v
4.3 MEDIUM
CVE-2024-51493
< 1.10.3
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain
5.3 MEDIUM
CVE-2024-49377
< 1.10.3
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain
5.5 MEDIUM
CVE-2024-32977
< 1.10.1
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain
7.1 HIGH
CVE-2024-28237
< 1.10.0
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a
4.0 MEDIUM
CVE-2024-23637
<= 1.9.3
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows
4.2 MEDIUM
CVE-2023-41047
< 1.9.3
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows
6.2 MEDIUM
CVE-2022-3607
< 1.8.3
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint p
6.0 MEDIUM
CVE-2022-3068
< 1.8.3
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
8.8 HIGH
CVE-2022-2888
< 1.8.3
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this
4.4 MEDIUM
CVE-2022-2872
< 1.8.3
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
5.4 MEDIUM
CVE-2022-2930
< 1.8.3
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
7.8 HIGH
CVE-2022-2822
< 1.9.0
An attacker can freely brute force username and password and can take over any account. An attacker could easily guess user passwor
7.5 HIGH
CVE-2022-1432
< 1.8.0
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
6.4 MEDIUM
CVE-2022-1430
< 1.8.0
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
7.5 HIGH
CVE-2021-32561
< 1.6.0
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
6.1 MEDIUM
CVE-2021-32560
< 1.6.0
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.lo
6.5 MEDIUM
CVE-2018-16710
<= 1.3.9
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on
9.1 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin