openc3
RubyGems
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting openc3
- CVE-2024-43795 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.19.0 | 2024-10-02
vulnerable: 5.0.10 ... 5.9.1 (47 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5…
- CVE-2024-46977 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.19.0 | 2024-10-02
vulnerable: 5.0.10 ... 5.9.1 (47 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate …
- CVE-2024-47529 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.19.0 | 2024-10-02
vulnerable: 5.0.10 ... 5.9.1 (47 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user passw…
- CVE-2025-68271 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 6.10.2 | 2026-01-13
vulnerable: 5.0.10 ... 6.9.2 (70 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-…
- CVE-2026-42084 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 7.0.0-rc3 | 2026-05-04
vulnerable: 7.0.0.pre.rc1, 7.0.0.pre.rc2
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password…
- CVE-2026-42085 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 7.0.0-rc3 | 2026-05-04
vulnerable: 7.0.0.pre.rc1, 7.0.0.pre.rc2
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that al…
- CVE-2026-42086 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 7.0.0 | 2026-05-04
vulnerable: 5.0.10 ... 7.0.0.pre.rc3 (78 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which al…
- CVE-2026-42087 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 7.0.0-rc3 | 2026-05-04
vulnerable: 6.10.0 ... 7.0.0.pre.rc2 (15 versions)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB)…