pkg:PyPI/octoprint

38 total CVEs: HIGH 9, MEDIUM 25, LOW 3

All known vulnerabilities

  • HIGH 8.8 CVE-2025-58180: OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
    from 0, < 1.11.3
  • HIGH 8.8 CVE-2022-3068: OctoPrint Improper Privilege Management vulnerability
    from 0, < ef95ef1c101b79394f134e8fce000e6bae046571 | from 0, < 1.8.3
  • HIGH 8.8 CVE-2022-3068: OctoPrint Improper Privilege Management vulnerability
    from 0, < 1.8.3
  • HIGH 7.5 CVE-2022-1430: Cross-site Scripting in OctoPrint
    from 0, < 1.8.0
  • HIGH 7.5 CVE-2022-1430: Cross-site Scripting in OctoPrint
    from 0, < 8087528e4a7ddd15c7d95ff662deb5ef7de90045 | from 0, < 1.8.0
  • HIGH 7.5 CVE-2022-1432: Cross-site Scripting in OctoPrint
    from 0, < 6d259d7e6f5b0de9a1c762831537a386e53978d3 | from 0, < 1.8.0
  • HIGH 7.5 CVE-2022-1432: Cross-site Scripting in OctoPrint
    from 0, < 1.8.0
  • HIGH 7.1 CVE-2024-32977: OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
    from 0, < 5afbec8d23508edc25b0f1bdef1620580136add4, < 5afbec8d23508edc25b0f1bdef1620580136add4 | from 0, < 1.10.1
  • HIGH 7.1 CVE-2024-32977: OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
    from 0, < 1.10.1
  • MEDIUM 6.5 CVE-2025-48879: OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint
    from 0, < 1.11.2
  • MEDIUM 6.5 CVE-2023-41047: OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
    from 0, < d0072cff894509c77e243d6562245ad3079e17db | from 0, < 1.9.3
  • MEDIUM 6.5 CVE-2023-41047: OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
    from 0, < 1.9.3
  • MEDIUM 6.5 CVE-2021-32560: OctoPrint Incorrect Access Control
    from 0, < 1.6.0
  • MEDIUM 6.5 CVE-2021-32560: OctoPrint Incorrect Access Control
    from 0, < 1.6.0
  • MEDIUM 6.1 CVE-2021-32561: OctoPrint API Error Messages vulnerable to XSS
    from 0, < 1.6.0
  • MEDIUM 6.1 CVE-2021-32561: OctoPrint API Error Messages vulnerable to XSS
    from 0, < 1.6.0
  • MEDIUM 6.0 CVE-2022-3607: OctoPrint vulnerable to Special Element Injection
    from 0, < 3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e | from 0, < 1.8.3
  • MEDIUM 6.0 CVE-2022-3607: OctoPrint vulnerable to Special Element Injection
    from 0, < 1.8.3
  • MEDIUM 5.9 CVE-2026-23892: OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
    from 0, < 1.11.6
  • MEDIUM 5.5 CVE-2024-49377: OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
    from 0, < 1.10.3
  • MEDIUM 5.5 CVE-2024-49377: OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
    from 0, < 1.10.3
  • MEDIUM 5.4 CVE-2025-48067: OctoPrint vulnerable to possible file extraction via upload endpoints
    from 0, < 1.11.2
  • MEDIUM 5.3 CVE-2024-51493: OctoPrint has API key access in settings without reauthentication
    from 0, < 1.10.3
  • MEDIUM 5.3 CVE-2024-51493: OctoPrint has API key access in settings without reauthentication
    from 0, < 1.10.3
  • MEDIUM 5.3 CVE-2022-2930: Unverified Password Change in OctoPrint
    from 0, < 1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f | from 0, < 1.8.3
  • MEDIUM 5.3 CVE-2022-2930: Unverified Password Change in OctoPrint
    from 0, < 1.8.3
  • MEDIUM 4.4 CVE-2022-2888: OctoPrint vulnerable to Insufficient Session Expiration.
    from 0, < 40e6217ac1a85cc5ed592873ae49db01d3005da4 | from 0, < 1.8.3
  • MEDIUM 4.4 CVE-2022-2888: OctoPrint vulnerable to Insufficient Session Expiration.
    from 0, < 1.8.3
  • MEDIUM 4.3 CVE-2025-32788: OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
    from 0, < 41ff431014edfa18ca1a01897b10463934dc7fc2 | from 0, < 1.11.0
  • MEDIUM 4.3 CVE-2025-32788: OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
    from 0, < 1.11.0
  • MEDIUM 4.2 CVE-2024-23637: OctoPrint Unverified Password Change via Access Control Settings
    from 0, < 1.10.0rc1
  • MEDIUM 4.2 CVE-2024-23637: OctoPrint Unverified Password Change via Access Control Settings
    from 0, < 1729d167b4ae4a5835bbc7211b92c6828b1c4125 | from 0, < 1.10.0rc1
  • MEDIUM 4.0 CVE-2024-28237: XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
    from 0, < 779894c1bc6478332d14bc9ed1006df1354eb517, < 779894c1bc6478332d14bc9ed1006df1354eb517 | from 0, < 1.10.0
  • MEDIUM 4.0 CVE-2024-28237: XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
    from 0, < 1.10.0rc3
  • LOW 3.7 CVE-2022-2872: OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
    from 0, < 1.8.3
  • LOW 3.7 CVE-2022-2872: OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
    from 0, < 3e3c11811e216fb371a33e28412df83f9701e5b0 | from 0, < 1.8.3
  • LOW 3.7 CVE-2022-2822: OctoPrint does not have rate limiting on the login page
    from 0, <= 1.7.3
  • CVE-2025-64187: OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
    from 0, < 1.11.4