Package impact
PIP / nautobot
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44798 | high | — | 8.0 | 15d ago | Nautobot: GitRepository.current_head field should not be writable through REST API | |
| CVE-2026-44797 | high | — | 8.0 | 15d ago | Nautobot: Webhook definitions could be used for server-side request forgery (SSRF) | |
| CVE-2026-44796 | medium | — | 5.5 | 15d ago | Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS) | |
| CVE-2026-44794 | medium | — | 5.5 | 15d ago | Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference | |
| CVE-2025-49142 | medium | — | 5.5 | 1y ago | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configu… | |