Movatterモバイル変換

Skip to content

home-assistant/corePublic

NotificationsYou must be signed in to change notification settings
Fork36.2k
Star83.2k

Security

Report a vulnerability

SECURITY.md

Security Policy

Information on Home Assistant's security policies and guidelinescan be found on our website:

https://www.home-assistant.io/security

Stored XSS in graph tooltip from entity name
GHSA-mq77-rv97-285m publishedOct 14, 2025 bybramkragten
High
SSL validation for outgoing requests in core and used libs not correct
GHSA-m3pm-rpgg-5wj6 publishedFeb 18, 2025 byMartinHjelmare
High
User accounts disclosed to unauthenticated actors on the LAN
GHSA-jqpc-rc7g-vf83 publishedDec 14, 2023 byfrenck
Moderate
Account takeover via auth_callback login
GHSA-qhhj-7hrc-gqj5 publishedOct 19, 2023 byfrenck
Low
Full takeover via javascript URI in auth_callback login
GHSA-jvxq-x42r-f7mv publishedOct 19, 2023 byfrenck
Critical
Local-only webhooks externally accessible via SniTun
GHSA-wx3j-3v2j-rf45 publishedOct 19, 2023 byfrenck
Low
Fake WS server installation permits full takeover
GHSA-cr83-q7r2-7f5q publishedOct 19, 2023 byfrenck
Critical
Lack of XFO header allows clickjacking
GHSA-935v-rmg9-44mw publishedOct 19, 2023 byfrenck
Critical
Actions expression injection in `helpers/version/action.yml`
GHSA-jff5-5j3g-vhqc publishedOct 19, 2023 byfrenck
Low
Arbitrary URL load in Android WebView in `MyActivity.kt`
GHSA-jvpm-q3hq-86rg publishedOct 19, 2023 byfrenck
High

Learn more about advisories related tohome-assistant/core in theGitHub Advisory Database

[8]ページ先頭

©2009-2025 Movatter.jp