OctoPrint's security policy can be found here.
Security: OctoPrint/OctoPrint
SECURITY.md
- API key access in settings without reauthentication (GHSA-cc6x-8cc7-9953), published Nov 5, 2024 by foosel. Severity: Moderate
- Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint (GHSA-xvxq-g8hw-fx4g), published Nov 5, 2024 by foosel. Severity: Moderate
- Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled (GHSA-2vjq-hg5w-5gm7), published May 14, 2024 by foosel. Severity: High
- XSS via the "Snapshot Test" feature in Classic Webcam plugin settings (GHSA-x7mf-wrh9-r76c), published Mar 18, 2024 by foosel. Severity: Moderate
- Unverified Password Change via Access Control Settings (GHSA-5626-pw9c-hmjr), published Jan 31, 2024 by foosel. Severity: Moderate
- Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint (GHSA-fwfg-vprh-97ph), published Oct 9, 2023 by foosel. Severity: Moderate
Learn more about advisories related to OctoPrint/OctoPrint in the GitHub Advisory Database