Security

Report a vulnerability

SECURITY.md

Security Policy

Information on Home Assistant's security policies and guidelines can be found on our website:

https://www.home-assistant.io/security

Lack of XFO header allows clickjacking
GHSA-935v-rmg9-44mw published Oct 19, 2023 by frenck

Critical
Actions expression injection in `helpers/version/action.yml`
GHSA-jff5-5j3g-vhqc published Oct 19, 2023 by frenck

Low
Arbitrary URL load in Android WebView in `MyActivity.kt`
GHSA-jvpm-q3hq-86rg published Oct 19, 2023 by frenck

High
Partial Server-Side Request Forgery in Core
GHSA-4r74-h49q-rr3h published Oct 19, 2023 by frenck

Low
Client-Side Request Forgery in iOS/macOS native Apps
GHSA-h2jp-7grc-9xpp published Oct 19, 2023 by frenck

High
Authentication bypass Supervisor API
GHSA-2j8f-h4mr-qr25 published Mar 8, 2023 by frenck

Critical

Learn more about advisories related to home-assistant/core in the GitHub Advisory Database