Known Vulnerabilities for products from Pi-hole
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Pi-hole".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33765 | Not Provided | 2026-03-27 | 2026-04-01 | |
| CVE-2022-23513 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-12-23 | 2023-09-04 |
| CVE-2021-41175 | Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics gen... | 5.4 - MEDIUM | 2021-10-26 | 2021-10-28 |
| CVE-2021-32793 | Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to ... | 4.8 - MEDIUM | 2021-08-04 | 2021-08-12 |
| CVE-2021-32706 | Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to ... | 8.8 - HIGH | 2021-08-04 | 2022-04-25 |
| CVE-2021-29449 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulne... | 7.8 - HIGH | 2021-04-14 | 2022-08-02 |
| CVE-2021-29448 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hol... | 8.8 - HIGH | 2021-04-15 | 2021-05-14 |
| CVE-2021-3812 | adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 - MEDIUM | 2021-09-17 | 2021-09-28 |
| CVE-2021-3811 | adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 - MEDIUM | 2021-09-17 | 2021-09-28 |
| CVE-2021-3706 | adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | 7.5 - HIGH | 2021-09-15 | 2022-10-25 |
| CVE-2020-35659 | The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly... | 6.1 - MEDIUM | 2020-12-24 | 2020-12-28 |
| CVE-2020-35592 | Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary we... | 5.4 - MEDIUM | 2021-02-18 | 2021-02-24 |
| CVE-2020-35591 | Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is... | 5.4 - MEDIUM | 2021-02-18 | 2021-02-26 |
| CVE-2020-14971 | Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files... | 7.8 - HIGH | 2020-06-23 | 2021-07-21 |
| CVE-2020-14162 | An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script... | 7.8 - HIGH | 2020-07-30 | 2021-07-21 |
| CVE-2020-12620 | Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (she... | 7.8 - HIGH | 2020-07-30 | 2021-07-21 |
| CVE-2020-11108 | The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused fo... | 8.8 - HIGH | 2020-05-11 | 2020-05-27 |
| CVE-2020-8816 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 7.2 - HIGH | 2020-05-29 | 2022-07-12 |
| CVE-2019-13051 | Pi-Hole 4.3 allows Command Injection. | 8.8 - HIGH | 2019-10-09 | 2019-10-11 |
Known software with vulnerabilities from Pi-hole
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pi-hole | Pi-hole | 2.0 |