VYPR

Frigate

by Blakeblackshear

pypi: frigate

Source repositories

CVEs (11)

  • CVE-2025-62382HigOct 15, 2025
    risk 0.50cvss 7.7epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied…

  • CVE-2024-32874MedMay 14, 2024
    risk 0.37cvss 6.8epss 0.01

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service.…

  • CVE-2026-25643Feb 6, 2026
    risk 0.03cvss epss 0.03

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the…

  • CVE-2023-45671Oct 30, 2023
    risk 0.03cvss epss 0.01

    Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this…

  • CVE-2026-33470Mar 26, 2026
    risk 0.00cvss epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems:…

  • CVE-2026-33469Mar 26, 2026
    risk 0.00cvss epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through `/api/config/raw`. This exposes sensitive values that are intentionally…

  • CVE-2026-33126Mar 20, 2026
    risk 0.00cvss epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery (SSRF) attacks. An attacker can…

  • CVE-2026-33125Mar 20, 2026
    risk 0.00cvss epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been…

  • CVE-2026-33124Mar 20, 2026
    risk 0.00cvss epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/{username}/password endpoint.…

  • CVE-2023-45672Oct 30, 2023
    risk 0.00cvss epss 0.01

    Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed…

  • CVE-2023-45670Oct 30, 2023
    risk 0.00cvss epss 0.00

    Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the…