pkg:PyPI/esphome

All known vulnerabilities

• HIGH8.1CVE-2025-57808ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
  from 0, < 2025.8.1
• HIGH8.1CVE-2024-29019ESPHome vulnerable to Authentication bypass via Cross site request forgery
  >= 2023.12.9, < 2024.3.0
• HIGH7.5CVE-2021-41104Basic auth bypass in esphome
  from 0, < 2234f6aacf8cc653307fed80f3750317a82c4f83 | from 0, < 2021.9.2
• HIGH7.5Basic auth bypass in esphome
  from 0, < 2021.9.2
• HIGH7.2ESPHome vulnerable to remote code execution via arbitrary file write
  >= 2023.12.9, < 2024.2.1
• MEDIUM6.5esphome vulnerable to stored Cross-site Scripting in edit configuration file API
  >= 2023.12.9, < 2024.2.2
• —ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component
  >= 2025.9.0, < 2025.12.7