Frigate
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62382 | Hig | 0.50 | 7.7 | 0.00 | Oct 15, 2025 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied… | ||
| CVE-2024-32874 | Med | 0.37 | 6.8 | 0.01 | May 14, 2024 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service.… | ||
| CVE-2026-25643 | 0.03 | — | 0.03 | Feb 6, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the… | |||
| CVE-2023-45671 | 0.03 | — | 0.01 | Oct 30, 2023 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this… | |||
| CVE-2026-33470 | 0.00 | — | 0.00 | Mar 26, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems:… | |||
| CVE-2026-33469 | 0.00 | — | 0.00 | Mar 26, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through `/api/config/raw`. This exposes sensitive values that are intentionally… | |||
| CVE-2026-33126 | 0.00 | — | 0.00 | Mar 20, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can… | |||
| CVE-2026-33125 | 0.00 | — | 0.00 | Mar 20, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been… | |||
| CVE-2026-33124 | 0.00 | — | 0.00 | Mar 20, 2026 | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/{username}/password endpoint.… | |||
| CVE-2023-45672 | 0.00 | — | 0.01 | Oct 30, 2023 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed… | |||
| CVE-2023-45670 | 0.00 | — | 0.00 | Oct 30, 2023 | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the… |
- risk 0.50cvss 7.7epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied…
- risk 0.37cvss 6.8epss 0.01
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service.…
- CVE-2026-25643Feb 6, 2026risk 0.03cvss —epss 0.03
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the…
- CVE-2023-45671Oct 30, 2023risk 0.03cvss —epss 0.01
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this…
- CVE-2026-33470Mar 26, 2026risk 0.00cvss —epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems:…
- CVE-2026-33469Mar 26, 2026risk 0.00cvss —epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through `/api/config/raw`. This exposes sensitive values that are intentionally…
- CVE-2026-33126Mar 20, 2026risk 0.00cvss —epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can…
- CVE-2026-33125Mar 20, 2026risk 0.00cvss —epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been…
- CVE-2026-33124Mar 20, 2026risk 0.00cvss —epss 0.00
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/{username}/password endpoint.…
- CVE-2023-45672Oct 30, 2023risk 0.00cvss —epss 0.01
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed…
- CVE-2023-45670Oct 30, 2023risk 0.00cvss —epss 0.00
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the…