homeassistant
PyPI
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting homeassistant (page 1 of 1)
- CVE-2018-21019 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.67.0 | 2019-09-23
vulnerable: 0.10.0 ... 0.9.1 (188 versions)
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
- CVE-2023-41893 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2023.9.0 | 2023-10-20
vulnerable: 0.10.0 ... 2023.9.0b6 (1132 versions)
Home Assistant is open source home automation software. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authe…
- CVE-2023-50715 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2023.12.3 | 2023-12-15
vulnerable: 0.10.0 ... 2023.9.3 (1170 versions)
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains…
- CVE-2025-25305 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 2024.1.6 | 2025-02-18
vulnerable: 0.10.0 ... 2024.1.5 (1187 versions)
Home Assistant Core is open source home automation software that puts local control and privacy first. Affected versions are subject to potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and…
- CVE-2025-62172 | HIGH | CVSS 8.5 | EG 0.0 | ✓ Fixed in 2025.10.2 | 2025-10-14
vulnerable: 2025.1.0 ... 2025.9.4 (134 versions)
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject m…