Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/grumpydictator/firefly-iii@4.1.2

Type composer

Namespace grumpydictator

Name firefly-iii

Version 4.1.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.17

Latest_non_vulnerable_version 6.5.1

Affected_by_vulnerabilities

url VCID-1bnk-b65m-tqg6

vulnerability_id VCID-1bnk-b65m-tqg6

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3819

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.34031
published_at	2026-06-05T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33929
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3819

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9

reference_url

https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3819
reference_id	CVE-2021-3819
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3819

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.1

purl pkg:composer/grumpydictator/firefly-iii@5.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1

aliases CVE-2021-3819, GHSA-356r-77q8-f64f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bnk-b65m-tqg6

url VCID-2xs8-eknt-gyap

vulnerability_id VCID-2xs8-eknt-gyap

summary Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1789

reference_id

reference_type

scores

value	0.00189
scoring_system	epss
scoring_elements	0.40593
published_at	2026-06-05T12:55:00Z

value	0.00189
scoring_system	epss
scoring_elements	0.40513
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1789

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/

url

https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5

reference_url

https://github.com/firefly-iii/firefly-iii/pull/7043

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/pull/7043

reference_url

https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/

url

https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1789

reference_id

CVE-2023-1789

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1789

reference_url	https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
reference_id	GHSA-mwxw-hxvp-4r2r
reference_type
scores
url	https://github.com/advisories/GHSA-mwxw-hxvp-4r2r

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.7.18

purl pkg:composer/grumpydictator/firefly-iii@5.7.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18

url pkg:composer/grumpydictator/firefly-iii@6.0.0

purl pkg:composer/grumpydictator/firefly-iii@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0

url pkg:composer/grumpydictator/firefly-iii@6.0.1

purl pkg:composer/grumpydictator/firefly-iii@6.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1

aliases CVE-2023-1789, GHSA-mwxw-hxvp-4r2r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xs8-eknt-gyap

url

VCID-4hdz-bgf3-hqbz

vulnerability_id

VCID-4hdz-bgf3-hqbz

summary

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3901

reference_id

reference_type

scores

value	0.0008
scoring_system	epss
scoring_elements	0.23779
published_at	2026-06-05T12:55:00Z

value	0.0008
scoring_system	epss
scoring_elements	0.23683
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3901

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2

reference_url

https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3901

reference_id

CVE-2021-3901

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3901

fixed_packages

aliases

CVE-2021-3901, GHSA-rqgp-ccph-5w65

risk_score

1.6

exploitability

0.5

weighted_severity

3.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4hdz-bgf3-hqbz

url VCID-5as2-q475-7fgv

vulnerability_id VCID-5as2-q475-7fgv

summary

Firefly III allows webhooks HTML Injection.
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22075

reference_id

reference_type

scores

value	0.00128
scoring_system	epss
scoring_elements	0.31815
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22075

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21

reference_url

https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/

url

https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1

reference_url

https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-22075

reference_id

CVE-2024-22075

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-22075

reference_url

https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/

reference_id

front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/

url

https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/

reference_url

https://github.com/advisories/GHSA-vwv2-9wcj-64vx

reference_id

GHSA-vwv2-9wcj-64vx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vwv2-9wcj-64vx

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@6.1.1

purl pkg:composer/grumpydictator/firefly-iii@6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1

aliases CVE-2024-22075, GHSA-vwv2-9wcj-64vx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5as2-q475-7fgv

url VCID-6ydw-rfb3-hbe3

vulnerability_id VCID-6ydw-rfb3-hbe3

summary Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1788

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45462
published_at	2026-06-05T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45393
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1788

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/

url

https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30

reference_url

https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/

url

https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1788

reference_id

CVE-2023-1788

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1788

reference_url	https://github.com/advisories/GHSA-h7vv-46p5-prmh
reference_id	GHSA-h7vv-46p5-prmh
reference_type
scores
url	https://github.com/advisories/GHSA-h7vv-46p5-prmh

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@6.0.0

purl pkg:composer/grumpydictator/firefly-iii@6.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0

aliases CVE-2023-1788, GHSA-h7vv-46p5-prmh

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ydw-rfb3-hbe3

url VCID-7j5p-xwqv-k3cf

vulnerability_id VCID-7j5p-xwqv-k3cf

summary

Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during `attachments/edit/$file_id$` attachment editing.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13645

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.5175
published_at	2026-06-04T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51809
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13645

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5

reference_url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_url

https://github.com/firefly-iii/firefly-iii/issues/2337

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/issues/2337

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13645

reference_id

CVE-2019-13645

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13645

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@4.7.17.3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-q2aw-rbww-nqc7

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-v5yd-vwys-f7hv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3

url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v5yd-vwys-f7hv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3

aliases CVE-2019-13645, GHSA-5hpw-vcj2-prwg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j5p-xwqv-k3cf

url VCID-951v-qu7n-4ybp

vulnerability_id VCID-951v-qu7n-4ybp

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3729

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30084
published_at	2026-06-04T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30157
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3729

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712

reference_url

https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3729

reference_id

CVE-2021-3729

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3729

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.0

purl pkg:composer/grumpydictator/firefly-iii@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0

aliases CVE-2021-3729, GHSA-gp6w-ccqv-p7qr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-951v-qu7n-4ybp

url VCID-ag6y-f8nh-5kej

vulnerability_id VCID-ag6y-f8nh-5kej

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3730

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.2917
published_at	2026-06-04T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29241
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3730

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6

reference_url

https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3730

reference_id

CVE-2021-3730

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3730

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.0

purl pkg:composer/grumpydictator/firefly-iii@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0

aliases CVE-2021-3730, GHSA-c676-mcw3-qg55

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ag6y-f8nh-5kej

url VCID-b23p-cn7c-k7av

vulnerability_id VCID-b23p-cn7c-k7av

summary

Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during `attachments/view/$file_id$` attachment viewing.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13647

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42845
published_at	2026-06-05T12:55:00Z

value	0.00206
scoring_system	epss
scoring_elements	0.42771
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13647

reference_url

https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc

reference_url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_url

https://github.com/firefly-iii/firefly-iii/issues/2338

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/issues/2338

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13647

reference_id

CVE-2019-13647

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13647

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@4.7.17.3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-q2aw-rbww-nqc7

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-v5yd-vwys-f7hv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3

url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v5yd-vwys-f7hv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3

aliases CVE-2019-13647, GHSA-pcxq-28f6-m3fm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b23p-cn7c-k7av

url VCID-cbss-79ng-p7an

vulnerability_id VCID-cbss-79ng-p7an

summary firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3663

reference_id

reference_type

scores

value	0.0016
scoring_system	epss
scoring_elements	0.36681
published_at	2026-06-05T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36587
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3663

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8

reference_url

https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13

reference_url

https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3663

reference_id

CVE-2021-3663

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3663

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.5.13

purl pkg:composer/grumpydictator/firefly-iii@5.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13

url pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1

purl pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1

aliases CVE-2021-3663, GHSA-56cx-wf47-hx7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbss-79ng-p7an

url VCID-cpwr-nyyb-afdf

vulnerability_id VCID-cpwr-nyyb-afdf

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3728

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.2917
published_at	2026-06-04T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29241
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3728

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e

reference_url

https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3728

reference_id

CVE-2021-3728

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3728

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.0

purl pkg:composer/grumpydictator/firefly-iii@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0

aliases CVE-2021-3728, GHSA-xp5q-77mh-6hm2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwr-nyyb-afdf

url VCID-f1nj-u7yz-zycr

vulnerability_id VCID-f1nj-u7yz-zycr

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3921

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30101
published_at	2026-06-04T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30173
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3921

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684

reference_url

https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3921

reference_id

CVE-2021-3921

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3921

reference_url

https://github.com/advisories/GHSA-q2cv-94xm-qvg4

reference_id

GHSA-q2cv-94xm-qvg4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q2cv-94xm-qvg4

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.3

purl pkg:composer/grumpydictator/firefly-iii@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3

aliases CVE-2021-3921, GHSA-q2cv-94xm-qvg4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1nj-u7yz-zycr

url

VCID-hbpp-jqk1-cubw

vulnerability_id

VCID-hbpp-jqk1-cubw

summary

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3900

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.46991
published_at	2026-06-04T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.47056
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3900

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635

reference_url

https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3900

reference_id

CVE-2021-3900

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3900

fixed_packages

aliases

CVE-2021-3900, GHSA-pfj7-w373-gqch

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpp-jqk1-cubw

url VCID-jfps-wzcx-vyfj

vulnerability_id VCID-jfps-wzcx-vyfj

summary

Firefly III has a MFA bypass in oauth flow
A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-37893

reference_id

reference_type

scores

value	0.00028
scoring_system	epss
scoring_elements	0.08441
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-37893

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://owasp.org/www-community/attacks/Password_Spraying_Attack

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/

url

https://owasp.org/www-community/attacks/Password_Spraying_Attack

reference_url

https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/

url

https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-37893

reference_id

CVE-2024-37893

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-37893

reference_url

https://github.com/advisories/GHSA-4gm4-c4mh-4p7w

reference_id

GHSA-4gm4-c4mh-4p7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4gm4-c4mh-4p7w

reference_url

https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w

reference_id

GHSA-4gm4-c4mh-4p7w

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/

url

https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w

fixed_packages

url	pkg:composer/grumpydictator/firefly-iii@6.1.17
purl	pkg:composer/grumpydictator/firefly-iii@6.1.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17

aliases CVE-2024-37893, GHSA-4gm4-c4mh-4p7w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfps-wzcx-vyfj

url VCID-pvmv-dy5p-pkbn

vulnerability_id VCID-pvmv-dy5p-pkbn

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4005

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.36737
published_at	2026-06-04T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.36829
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4005

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053

reference_url

https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-4005

reference_id

CVE-2021-4005

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-4005

reference_url

https://github.com/advisories/GHSA-hjhp-hwfj-hwf3

reference_id

GHSA-hjhp-hwfj-hwf3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hjhp-hwfj-hwf3

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.5

purl pkg:composer/grumpydictator/firefly-iii@5.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5

aliases CVE-2021-4005, GHSA-hjhp-hwfj-hwf3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvmv-dy5p-pkbn

url VCID-q2aw-rbww-nqc7

vulnerability_id VCID-q2aw-rbww-nqc7

summary

Cross-site Scripting
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.

references

reference_url	https://github.com/firefly-iii/firefly-iii/issues/3990
reference_id
reference_type
scores
url	https://github.com/firefly-iii/firefly-iii/issues/3990

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-27981
reference_id	CVE-2020-27981
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-27981

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.4.5

purl pkg:composer/grumpydictator/firefly-iii@5.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5

aliases CVE-2020-27981

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2aw-rbww-nqc7

url VCID-t96s-982j-d3fr

vulnerability_id VCID-t96s-982j-d3fr

summary

Incorrect Authorization
Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0298

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37322
published_at	2026-06-05T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.3723
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0298

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/

url

https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4

reference_url

https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/

url

https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-0298

reference_id

CVE-2023-0298

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0298

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.8.0

purl pkg:composer/grumpydictator/firefly-iii@5.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0

aliases CVE-2023-0298, GHSA-7mc4-jp4f-v2j2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t96s-982j-d3fr

url VCID-u76r-dx9g-5fcv

vulnerability_id VCID-u76r-dx9g-5fcv

summary firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3846

reference_id

reference_type

scores

value	0.00237
scoring_system	epss
scoring_elements	0.46975
published_at	2026-06-04T12:55:00Z

value	0.00237
scoring_system	epss
scoring_elements	0.47041
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3846

reference_url

https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b

reference_url

https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3846

reference_id

CVE-2021-3846

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3846

reference_url

https://github.com/advisories/GHSA-5gq7-826w-8282

reference_id

GHSA-5gq7-826w-8282

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5gq7-826w-8282

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.2

purl pkg:composer/grumpydictator/firefly-iii@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2

aliases CVE-2021-3846, GHSA-5gq7-826w-8282

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u76r-dx9g-5fcv

url VCID-v5yd-vwys-f7hv

vulnerability_id VCID-v5yd-vwys-f7hv

summary

Improper Input Validation
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14671

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16749
published_at	2026-06-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16829
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14671

reference_url

https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c

reference_url

https://github.com/firefly-iii/firefly-iii/issues/2367

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/issues/2367

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14671

reference_id

CVE-2019-14671

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14671

reference_url	https://github.com/advisories/GHSA-jjcx-999m-35hc
reference_id	GHSA-jjcx-999m-35hc
reference_type
scores
url	https://github.com/advisories/GHSA-jjcx-999m-35hc

fixed_packages

url	pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
purl	pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B4

url pkg:composer/grumpydictator/firefly-iii@4.7.17.4

purl pkg:composer/grumpydictator/firefly-iii@4.7.17.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-q2aw-rbww-nqc7

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.4

aliases CVE-2019-14671, GHSA-jjcx-999m-35hc

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5yd-vwys-f7hv

url VCID-v776-99j4-mua2

vulnerability_id VCID-v776-99j4-mua2

summary

Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the `tags/show/$tag_number$` tag summary page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13644

reference_id

reference_type

scores

value	0.00225
scoring_system	epss
scoring_elements	0.4525
published_at	2026-06-04T12:55:00Z

value	0.00225
scoring_system	epss
scoring_elements	0.45319
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13644

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a

reference_url

https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/

url

https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36

reference_url

https://github.com/firefly-iii/firefly-iii/issues/2335

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/

url

https://github.com/firefly-iii/firefly-iii/issues/2335

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13644

reference_id

CVE-2019-13644

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13644

fixed_packages

url	pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
purl	pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B1

url pkg:composer/grumpydictator/firefly-iii@4.7.17.1

purl pkg:composer/grumpydictator/firefly-iii@4.7.17.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-7j5p-xwqv-k3cf

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-b23p-cn7c-k7av

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-q2aw-rbww-nqc7

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-v5yd-vwys-f7hv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-xvtj-8abr-tuem

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.1

aliases CVE-2019-13644, GHSA-9xmx-rj7j-fv9q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v776-99j4-mua2

url VCID-vkg3-xm11-3qdh

vulnerability_id VCID-vkg3-xm11-3qdh

summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4015

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.36829
published_at	2026-06-05T12:55:00Z

value	0.00161
scoring_system	epss
scoring_elements	0.36737
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4015

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37

reference_url

https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5

reference_url

https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-4015

reference_id

CVE-2021-4015

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-4015

reference_url

https://github.com/advisories/GHSA-g6vq-wc8w-4g69

reference_id

GHSA-g6vq-wc8w-4g69

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g6vq-wc8w-4g69

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.4

purl pkg:composer/grumpydictator/firefly-iii@5.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4

url pkg:composer/grumpydictator/firefly-iii@5.6.5

purl pkg:composer/grumpydictator/firefly-iii@5.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5

aliases CVE-2021-4015, GHSA-g6vq-wc8w-4g69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkg3-xm11-3qdh

url VCID-wh6m-3mp3-gbfb

vulnerability_id VCID-wh6m-3mp3-gbfb

summary

URL Redirection to Untrusted Site ('Open Redirect')
firefly-iii is vulnerable to URL Redirection to Untrusted Site

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3851

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.37815
published_at	2026-06-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37906
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3851

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d

reference_url

https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3851

reference_id

CVE-2021-3851

reference_type

scores

value	5.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3851

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@5.6.2

purl pkg:composer/grumpydictator/firefly-iii@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2

aliases CVE-2021-3851, GHSA-5fvx-5p2r-4mvp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wh6m-3mp3-gbfb

url VCID-xvtj-8abr-tuem

vulnerability_id VCID-xvtj-8abr-tuem

summary

Cross-site Scripting
Firefly III is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13646

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51809
published_at	2026-06-05T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5175
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13646

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7

reference_url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa

reference_url

https://github.com/firefly-iii/firefly-iii/issues/2339

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/issues/2339

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-13646

reference_id

CVE-2019-13646

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13646

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@4.7.17.3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bnk-b65m-tqg6

vulnerability	VCID-2xs8-eknt-gyap

vulnerability	VCID-4hdz-bgf3-hqbz

vulnerability	VCID-5as2-q475-7fgv

vulnerability	VCID-6ydw-rfb3-hbe3

vulnerability	VCID-951v-qu7n-4ybp

vulnerability	VCID-ag6y-f8nh-5kej

vulnerability	VCID-cbss-79ng-p7an

vulnerability	VCID-cpwr-nyyb-afdf

vulnerability	VCID-f1nj-u7yz-zycr

vulnerability	VCID-hbpp-jqk1-cubw

vulnerability	VCID-jfps-wzcx-vyfj

vulnerability	VCID-pvmv-dy5p-pkbn

vulnerability	VCID-q2aw-rbww-nqc7

vulnerability	VCID-t96s-982j-d3fr

vulnerability	VCID-u76r-dx9g-5fcv

vulnerability	VCID-v5yd-vwys-f7hv

vulnerability	VCID-vkg3-xm11-3qdh

vulnerability	VCID-wh6m-3mp3-gbfb

vulnerability	VCID-zyzb-95vu-bfbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3

url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v5yd-vwys-f7hv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3

aliases CVE-2019-13646, GHSA-mrc2-h7q2-pp97

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvtj-8abr-tuem

url VCID-zyzb-95vu-bfbp

vulnerability_id VCID-zyzb-95vu-bfbp

summary

C5 Firefly III CSV Injection.
### Summary
CSV injection is a vulnerability where untrusted user input in CSV files can lead to unauthorized access or data manipulation. 
In my subsequent testing of the application.

### Details
I discovered that there is an option to "Export Data" from the web app to your personal computer, which exports a "csv" file that can be opened with Excel software that supports macros.

P.S 
I discovered that the web application's is offering a demo-site that anyone may access to play with the web application. So, there's a chance that someone will export the data (CVS) from the demo site and execute it on their PC, giving the malicious actor a complete control over their machine. (if a user enters a malicious payload to the website).

### PoC
You can check out my vulnerability report if you need more details/PoC with screenshots: (removed by JC5)

### Impact
An attacker can exploit this by entering a specially crafted payload to one of the fields, and when a user export the csv file using the "Export Data" function, the attacker can potentiality can RCE.

### Addendum by JC5, the developer of Firefly III
There is zero impact on normal users, even on vulnerable versions.

references

reference_url

https://github.com/firefly-iii/firefly-iii

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii

reference_url

https://github.com/advisories/GHSA-29w6-c52g-m8jc

reference_id

GHSA-29w6-c52g-m8jc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29w6-c52g-m8jc

reference_url

https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc

reference_id

GHSA-29w6-c52g-m8jc

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc

fixed_packages

url pkg:composer/grumpydictator/firefly-iii@6.1.7

purl pkg:composer/grumpydictator/firefly-iii@6.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jfps-wzcx-vyfj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7

aliases GHSA-29w6-c52g-m8jc, GMS-2024-52

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyzb-95vu-bfbp

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.1.2

Package Instance