Home Assistant Companion
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Home Assistant Companion.
By the Year
In 2026 there have been 0 vulnerabilities in Home Assistant Companion. Home Assistant Companion did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 8.30 |
It may take a day or so for new Home Assistant Companion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Home Assistant Companion Security Vulnerabilities
Home Assistant Companion iOS/MacOS <=2023.4 Client-Side Request Forgery
CVE-2023-44385
8.8 - High
- October 19, 2023
The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161.
Session Riding
Home Assistant Android App <2023.8.2 Vulnerable to WebView URL Loading (CVE-2023-41898)
CVE-2023-41898
7.8 - High
- October 19, 2023
Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Home Assistant Companion or by Home Assistant? Click the Watch button to subscribe.
