homeassistant
conda · v2022.6.3
Open source home automation that puts local control and privacy first.
License: Apache-2.0 (permissive) · 61 versions · 1 maintainer · 0 deps · 894 weekly dl
Repository: home-assistant/core
Health: 47 / 100
Update required
homeassistant@2022.6.3 has vulnerabilities — update to latest
Update to >= 2023.9.0 to fix known vulnerabilities
- 1 high severity vulnerability
Health breakdown (0 – 100)
| Category | Score |
|---|---|
| maintenance | 5/25 |
| popularity | 3/20 |
| security | 12/25 |
| maturity | 15/15 |
| community | 12/15 |
Vulnerabilities: 6 (1 high, 4 medium, 1 low)
Advisories (6)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| medium | CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN | 2023.12.3 |
| high | CVE-2025-25305 | Home Assistant does not correctly validate SSL for outgoing requests in core and used libs | 2024.1.6 |
| medium | CVE-2025-65713 | Home Assistant Core before is vulnerable to Directory Traversal | 2025.8.0 |
| medium | CVE-2023-41893 | Home Assistant vulnerable to account takeover via auth_callback login | 2023.9.0 |
| low | CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | 2026.01 |
| medium | CVE-2023-41893 | Home assistant is an open source home automation. The audit team’s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to | 2023.9.0 |
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/conda/homeassistant
First published · 2021-10-01 00:53:27.549000+00:00
Last updated · 2025-04-22 14:58:01.617000+00:00