Every CVE whose affected-product data names Home-assistant, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-27482 — CVSS 10.0 (critical): homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the…
CVE-2023-41895 — CVSS 8.8 (high): Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials…
CVE-2023-41897 — CVSS 8.8 (high): Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the…
CVE-2026-54317 — CVSS 7.6 (high): Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected…
CVE-2018-21019 — CVSS 7.5 (high): Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's…
CVE-2020-36517 — CVSS 7.5 (high): An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain…
CVE-2023-41896 — CVSS 7.1 (high): Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected…
CVE-2023-41899 — CVSS 6.6 (medium): Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side…
CVE-2017-16782 — CVSS 6.1 (medium): In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
CVE-2026-33044 — CVSS 5.4 (medium): Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to…
CVE-2026-33045 — CVSS 5.4 (medium): Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to…
CVE-2023-41894 — CVSS 5.3 (medium): Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable…
CVE-2021-3152 — CVSS 5.3 (medium): Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom…
CVE-2023-50715 — CVSS 4.3 (medium): Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to…
CVE-2023-41893 — CVSS 4.3 (medium): Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are…
CVE-2025-65713 — CVSS 4.0 (medium): Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths…