Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/snipe/snipe-it@6.0.0-RC-1
Typecomposer
Namespacesnipe
Namesnipe-it
Version6.0.0-RC-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.4.1
Latest_non_vulnerable_version8.4.1
Affected_by_vulnerabilities
0
url VCID-182g-yzu7-57ch
vulnerability_id VCID-182g-yzu7-57ch
summary Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06996
published_at 2026-06-12T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.0698
published_at 2026-06-14T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06967
published_at 2026-06-11T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06988
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
1
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
2
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
4
reference_url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
reference_id GHSA-fww5-m9wc-jcjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
5
reference_url http://snipeitapp.com
reference_id snipeitapp.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url http://snipeitapp.com
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3amw-v6wf-8yg7
1
vulnerability VCID-3jws-ajsq-v7eq
2
vulnerability VCID-7d3x-8s7g-ykds
3
vulnerability VCID-b1qv-6g2z-x7b2
4
vulnerability VCID-ry56-8zuz-3bda
5
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65621, GHSA-fww5-m9wc-jcjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-182g-yzu7-57ch
1
url VCID-1aq3-9h3n-myct
vulnerability_id VCID-1aq3-9h3n-myct
summary Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54428
published_at 2026-06-12T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.5443
published_at 2026-06-14T12:55:00Z
2
value 0.00307
scoring_system epss
scoring_elements 0.54303
published_at 2026-06-11T12:55:00Z
3
value 0.00307
scoring_system epss
scoring_elements 0.54444
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
3
reference_url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
reference_id CVE-2024-51093
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T18:08:52Z/
url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
4
reference_url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
reference_id GHSA-hw9x-8m75-4vjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
fixed_packages
aliases CVE-2024-51093, GHSA-hw9x-8m75-4vjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1aq3-9h3n-myct
2
url VCID-1thr-9zfa-1yhp
vulnerability_id VCID-1thr-9zfa-1yhp
summary Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51829
published_at 2026-06-13T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51814
published_at 2026-06-14T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51749
published_at 2026-06-11T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51878
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
2
reference_url https://github.com/grokability/snipe-it/pull/16672
reference_id 16672
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/pull/16672
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
reference_id CVE-2025-47226
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
4
reference_url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
reference_id GHSA-h3vp-qwmx-5j25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
5
reference_url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
reference_id idor-exploit.md
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
6
reference_url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
reference_id v8.0.4...v8.1.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
7
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
reference_id v8.1.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.0
purl pkg:composer/snipe/snipe-it@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-4n88-ybjw-bqdk
4
vulnerability VCID-7d3x-8s7g-ykds
5
vulnerability VCID-7gkx-ws2v-hyd7
6
vulnerability VCID-b1qv-6g2z-x7b2
7
vulnerability VCID-ejxc-gtuk-fyfx
8
vulnerability VCID-ry56-8zuz-3bda
9
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.0
aliases CVE-2025-47226, GHSA-h3vp-qwmx-5j25
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1thr-9zfa-1yhp
3
url VCID-3amw-v6wf-8yg7
vulnerability_id VCID-3amw-v6wf-8yg7
summary Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page. NOTE: this is disputed by the Supplier because the report only demonstrates that an authenticated user can choose to conduct a man-in-the-middle attack against himself.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.0212
published_at 2026-06-14T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02114
published_at 2026-06-12T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.0211
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
1
reference_url https://github.com/cybercrewinc/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cybercrewinc/CVE-2025-64027
2
reference_url https://github.com/cybercrewinc/CVE-2025-64027/
reference_id CVE-2025-64027
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/cybercrewinc/CVE-2025-64027/
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
4
reference_url https://github.com/advisories/GHSA-8x9v-8qgj-945x
reference_id GHSA-8x9v-8qgj-945x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x9v-8qgj-945x
5
reference_url https://github.com/grokability/snipe-it
reference_id snipe-it
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/grokability/snipe-it
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.5
purl pkg:composer/snipe/snipe-it@8.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jws-ajsq-v7eq
1
vulnerability VCID-7d3x-8s7g-ykds
2
vulnerability VCID-b1qv-6g2z-x7b2
3
vulnerability VCID-ry56-8zuz-3bda
4
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.5
aliases CVE-2025-64027, GHSA-8x9v-8qgj-945x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3amw-v6wf-8yg7
4
url VCID-3jws-ajsq-v7eq
vulnerability_id VCID-3jws-ajsq-v7eq
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-06-12T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02101
published_at 2026-06-14T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02092
published_at 2026-06-13T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.0209
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
2
reference_url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
reference_id e37649212861a337e68a624e589c3540b7a82373
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
3
reference_url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44833, GHSA-mghp-5cq4-v6mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jws-ajsq-v7eq
5
url VCID-4n88-ybjw-bqdk
vulnerability_id VCID-4n88-ybjw-bqdk
summary Snipe-IT before 8.1.18 allows unsafe deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12084
published_at 2026-06-12T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12066
published_at 2026-06-14T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11991
published_at 2026-06-11T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12087
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
2
reference_url https://github.com/advisories/GHSA-phwj-fgch-xvrj
reference_id GHSA-phwj-fgch-xvrj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwj-fgch-xvrj
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id v8.1.18
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T13:49:18Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-7d3x-8s7g-ykds
4
vulnerability VCID-7gkx-ws2v-hyd7
5
vulnerability VCID-b1qv-6g2z-x7b2
6
vulnerability VCID-ry56-8zuz-3bda
7
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59713, GHSA-phwj-fgch-xvrj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n88-ybjw-bqdk
6
url VCID-6hks-9uk3-23at
vulnerability_id VCID-6hks-9uk3-23at
summary Insufficient Session Expiration in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2997
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58157
published_at 2026-06-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58044
published_at 2026-06-11T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.58162
published_at 2026-06-14T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.58174
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2997
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1
3
reference_url https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2997
reference_id CVE-2022-2997
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2997
5
reference_url https://github.com/advisories/GHSA-cmxc-9ghj-jp87
reference_id GHSA-cmxc-9ghj-jp87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmxc-9ghj-jp87
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.10
purl pkg:composer/snipe/snipe-it@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-925h-gz4a-xqf2
11
vulnerability VCID-b1qv-6g2z-x7b2
12
vulnerability VCID-ejxc-gtuk-fyfx
13
vulnerability VCID-hmss-qvuy-rfcx
14
vulnerability VCID-mfeg-t1ta-a3ck
15
vulnerability VCID-ry56-8zuz-3bda
16
vulnerability VCID-uksu-hbtt-6qdk
17
vulnerability VCID-v3vx-zast-efeg
18
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.10
aliases CVE-2022-2997, GHSA-cmxc-9ghj-jp87
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hks-9uk3-23at
7
url VCID-7d3x-8s7g-ykds
vulnerability_id VCID-7d3x-8s7g-ykds
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01991
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02002
published_at 2026-06-14T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01994
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
2
reference_url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
reference_id 28f493d84d057895fbb93b6570e7393a2c2fa438
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
3
reference_url https://github.com/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r42m-953q-6vjx
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44831, GHSA-r42m-953q-6vjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d3x-8s7g-ykds
8
url VCID-7gkx-ws2v-hyd7
vulnerability_id VCID-7gkx-ws2v-hyd7
summary Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.0774
published_at 2026-06-12T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07728
published_at 2026-06-14T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07734
published_at 2026-06-13T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07704
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
1
reference_url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
3
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
5
reference_url https://github.com/advisories/GHSA-4g25-wj72-chxg
reference_id GHSA-4g25-wj72-chxg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g25-wj72-chxg
6
reference_url http://snipeitapp.com
reference_id snipeitapp.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url http://snipeitapp.com
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3amw-v6wf-8yg7
1
vulnerability VCID-3jws-ajsq-v7eq
2
vulnerability VCID-7d3x-8s7g-ykds
3
vulnerability VCID-b1qv-6g2z-x7b2
4
vulnerability VCID-ry56-8zuz-3bda
5
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65622, GHSA-4g25-wj72-chxg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkx-ws2v-hyd7
9
url VCID-7kdb-yy6k-ebd1
vulnerability_id VCID-7kdb-yy6k-ebd1
summary Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29478
published_at 2026-06-11T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.2968
published_at 2026-06-14T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29679
published_at 2026-06-12T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29696
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
3
reference_url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
reference_id 43206801-9862-48da-b379-e55e341d78bf
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
4
reference_url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
reference_id 6d55d782806c9660e9e65dc5250faacb5d0033ed
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
5
reference_url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
reference_id GHSA-33vj-r6p6-x4p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.3
purl pkg:composer/snipe/snipe-it@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-8yxm-uj2h-rufj
9
vulnerability VCID-b1qv-6g2z-x7b2
10
vulnerability VCID-ejxc-gtuk-fyfx
11
vulnerability VCID-ry56-8zuz-3bda
12
vulnerability VCID-uksu-hbtt-6qdk
13
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.3
aliases CVE-2023-5511, GHSA-33vj-r6p6-x4p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kdb-yy6k-ebd1
10
url VCID-8yxm-uj2h-rufj
vulnerability_id VCID-8yxm-uj2h-rufj
summary Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
reference_id
reference_type
scores
0
value 0.02734
scoring_system epss
scoring_elements 0.86286
published_at 2026-06-11T12:55:00Z
1
value 0.02734
scoring_system epss
scoring_elements 0.86345
published_at 2026-06-14T12:55:00Z
2
value 0.02734
scoring_system epss
scoring_elements 0.86347
published_at 2026-06-13T12:55:00Z
3
value 0.02734
scoring_system epss
scoring_elements 0.86337
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://snipe-it.readme.io/docs/key-rotation
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipe-it.readme.io/docs/key-rotation
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
reference_id CVE-2024-48987
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
4
reference_url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
reference_id GHSA-57qh-vmjr-5jxg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
5
reference_url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
reference_id snipe-it-unauthenticated-remote-command-execution-when-appkey-known
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
6
reference_url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
reference_id v7.0.10
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
fixed_packages
0
url pkg:composer/snipe/snipe-it@7.0.10
purl pkg:composer/snipe/snipe-it@7.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-b1qv-6g2z-x7b2
9
vulnerability VCID-ejxc-gtuk-fyfx
10
vulnerability VCID-ry56-8zuz-3bda
11
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@7.0.10
aliases CVE-2024-48987, GHSA-57qh-vmjr-5jxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8yxm-uj2h-rufj
11
url VCID-925h-gz4a-xqf2
vulnerability_id VCID-925h-gz4a-xqf2
summary snipe-it vulnerable to cross-site scripting (XSS)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3035
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49459
published_at 2026-06-12T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.49322
published_at 2026-06-11T12:55:00Z
2
value 0.00256
scoring_system epss
scoring_elements 0.49466
published_at 2026-06-14T12:55:00Z
3
value 0.00256
scoring_system epss
scoring_elements 0.49477
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3035
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae
3
reference_url https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3035
reference_id CVE-2022-3035
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3035
5
reference_url https://github.com/advisories/GHSA-rff2-vqm3-jpv5
reference_id GHSA-rff2-vqm3-jpv5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rff2-vqm3-jpv5
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.11
purl pkg:composer/snipe/snipe-it@6.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-hmss-qvuy-rfcx
13
vulnerability VCID-mfeg-t1ta-a3ck
14
vulnerability VCID-ry56-8zuz-3bda
15
vulnerability VCID-uksu-hbtt-6qdk
16
vulnerability VCID-v3vx-zast-efeg
17
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.11
aliases CVE-2022-3035, GHSA-rff2-vqm3-jpv5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-925h-gz4a-xqf2
12
url VCID-b1qv-6g2z-x7b2
vulnerability_id VCID-b1qv-6g2z-x7b2
summary Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08667
published_at 2026-06-11T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08706
published_at 2026-06-14T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08714
published_at 2026-06-13T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08709
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
1
reference_url https://snipeitapp.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipeitapp.com
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
reference_id CVE-2025-15602
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
3
reference_url https://github.com/advisories/GHSA-5448-v74m-7mv7
reference_id GHSA-5448-v74m-7mv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5448-v74m-7mv7
4
reference_url https://snipeitapp.com/
reference_id snipeitapp.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://snipeitapp.com/
5
reference_url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_id snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
6
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
reference_id v8.3.7
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.7
purl pkg:composer/snipe/snipe-it@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jws-ajsq-v7eq
1
vulnerability VCID-7d3x-8s7g-ykds
2
vulnerability VCID-ry56-8zuz-3bda
3
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.7
aliases CVE-2025-15602, GHSA-5448-v74m-7mv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1qv-6g2z-x7b2
13
url VCID-ejxc-gtuk-fyfx
vulnerability_id VCID-ejxc-gtuk-fyfx
summary Snipe-IT before 8.1.18 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01589
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.016
published_at 2026-06-14T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01587
published_at 2026-06-11T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01592
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
2
reference_url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
reference_id GHSA-c9wp-pr7f-hfqm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id v8.1.18
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-19T13:49:48Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-7d3x-8s7g-ykds
4
vulnerability VCID-7gkx-ws2v-hyd7
5
vulnerability VCID-b1qv-6g2z-x7b2
6
vulnerability VCID-ry56-8zuz-3bda
7
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59712, GHSA-c9wp-pr7f-hfqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejxc-gtuk-fyfx
14
url VCID-hmss-qvuy-rfcx
vulnerability_id VCID-hmss-qvuy-rfcx
summary Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.3
published_at 2026-06-12T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29999
published_at 2026-06-14T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30016
published_at 2026-06-13T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.29802
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
3
reference_url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
reference_id d6ed5ac1-2ad6-45fd-9492-979820bf60c8
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
4
reference_url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
reference_id eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
5
reference_url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
reference_id GHSA-rr5c-69c9-gj9f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.2
purl pkg:composer/snipe/snipe-it@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-ry56-8zuz-3bda
13
vulnerability VCID-uksu-hbtt-6qdk
14
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.2
aliases CVE-2023-5452, GHSA-rr5c-69c9-gj9f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmss-qvuy-rfcx
15
url VCID-mfeg-t1ta-a3ck
vulnerability_id VCID-mfeg-t1ta-a3ck
summary Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44380
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46449
published_at 2026-06-14T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46307
published_at 2026-06-11T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46463
published_at 2026-06-13T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.46453
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44380
1
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
2
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44380
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44380
4
reference_url https://github.com/advisories/GHSA-363q-j92x-7543
reference_id GHSA-363q-j92x-7543
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-363q-j92x-7543
5
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
reference_id multiple-vulnerabilities-in-snipe-it
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:22:03Z/
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.14
purl pkg:composer/snipe/snipe-it@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-hmss-qvuy-rfcx
13
vulnerability VCID-ry56-8zuz-3bda
14
vulnerability VCID-uksu-hbtt-6qdk
15
vulnerability VCID-v3vx-zast-efeg
16
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.14
aliases CVE-2022-44380, GHSA-363q-j92x-7543
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfeg-t1ta-a3ck
16
url VCID-ry56-8zuz-3bda
vulnerability_id VCID-ry56-8zuz-3bda
summary Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.54391
published_at 2026-06-12T12:55:00Z
1
value 0.00306
scoring_system epss
scoring_elements 0.54393
published_at 2026-06-14T12:55:00Z
2
value 0.00306
scoring_system epss
scoring_elements 0.54408
published_at 2026-06-13T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.54266
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
2
reference_url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
reference_id 676a9958895a77de340565e7a0b17ae744664904
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
3
reference_url https://github.com/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg82-2hrv-hf64
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-37709, GHSA-xg82-2hrv-hf64
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry56-8zuz-3bda
17
url VCID-ssbq-f1d6-m7bh
vulnerability_id VCID-ssbq-f1d6-m7bh
summary Snipe-IT vulnerable to Improper Authentication
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3173
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40384
published_at 2026-06-12T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40216
published_at 2026-06-11T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40394
published_at 2026-06-14T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40405
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3173
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2
3
reference_url https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3173
reference_id CVE-2022-3173
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3173
5
reference_url https://github.com/advisories/GHSA-fhvv-p968-6vvj
reference_id GHSA-fhvv-p968-6vvj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhvv-p968-6vvj
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.10
purl pkg:composer/snipe/snipe-it@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-925h-gz4a-xqf2
11
vulnerability VCID-b1qv-6g2z-x7b2
12
vulnerability VCID-ejxc-gtuk-fyfx
13
vulnerability VCID-hmss-qvuy-rfcx
14
vulnerability VCID-mfeg-t1ta-a3ck
15
vulnerability VCID-ry56-8zuz-3bda
16
vulnerability VCID-uksu-hbtt-6qdk
17
vulnerability VCID-v3vx-zast-efeg
18
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.10
aliases CVE-2022-3173, GHSA-fhvv-p968-6vvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssbq-f1d6-m7bh
18
url VCID-uksu-hbtt-6qdk
vulnerability_id VCID-uksu-hbtt-6qdk
summary Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36827
published_at 2026-06-13T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36802
published_at 2026-06-12T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.36623
published_at 2026-06-11T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.36816
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/pull/14745
reference_id 14745
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/pull/14745
3
reference_url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
reference_id 34f1ea1c0ecd403047cd1327569ee391a7201cc1
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
4
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
reference_id CVE-2024-5685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
reference_id CVE-2024-5685
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
reference_id CVE-2024-5685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
7
reference_url https://github.com/advisories/GHSA-544r-fc65-v832
reference_id GHSA-544r-fc65-v832
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-544r-fc65-v832
8
reference_url https://advisory.checkmarx.net/?search=CVE-2024-5685
reference_id ?search=CVE-2024-5685
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://advisory.checkmarx.net/?search=CVE-2024-5685
9
reference_url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
reference_id v6.4.2
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.4.2
purl pkg:composer/snipe/snipe-it@6.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-8yxm-uj2h-rufj
9
vulnerability VCID-b1qv-6g2z-x7b2
10
vulnerability VCID-ejxc-gtuk-fyfx
11
vulnerability VCID-ry56-8zuz-3bda
12
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.4.2
aliases CVE-2024-5685, GHSA-544r-fc65-v832
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uksu-hbtt-6qdk
19
url VCID-urgt-uz5n-zyds
vulnerability_id VCID-urgt-uz5n-zyds
summary Old sessions not blocked by login enable function in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1155
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49108
published_at 2026-06-12T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48971
published_at 2026-06-11T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.49115
published_at 2026-06-14T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.49125
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1155
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d
3
reference_url https://github.com/snipe/snipe-it/pull/10876
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/pull/10876
4
reference_url https://github.com/snipe/snipe-it/releases/tag/v5.4.2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v5.4.2
5
reference_url https://github.com/snipe/snipe-it/releases/tag/v6.0.0-RC-6
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v6.0.0-RC-6
6
reference_url https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1155
reference_id CVE-2022-1155
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1155
8
reference_url https://github.com/advisories/GHSA-636j-7x7r-gvw2
reference_id GHSA-636j-7x7r-gvw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-636j-7x7r-gvw2
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.0-RC-6
purl pkg:composer/snipe/snipe-it@6.0.0-RC-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-v3vx-zast-efeg
20
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-6
aliases CVE-2022-1155, GHSA-636j-7x7r-gvw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urgt-uz5n-zyds
20
url VCID-v3vx-zast-efeg
vulnerability_id VCID-v3vx-zast-efeg
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02591
published_at 2026-06-11T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02595
published_at 2026-06-14T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02593
published_at 2026-06-12T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02585
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
2
reference_url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_id ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
3
reference_url https://github.com/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq28-crg7-95pr
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44832, GHSA-hq28-crg7-95pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3vx-zast-efeg
21
url VCID-yap2-7ggv-jkaw
vulnerability_id VCID-yap2-7ggv-jkaw
summary Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44381
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47739
published_at 2026-06-14T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47603
published_at 2026-06-11T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47759
published_at 2026-06-13T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.47743
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44381
1
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
2
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44381
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44381
4
reference_url https://github.com/advisories/GHSA-qqv9-gqh5-7h99
reference_id GHSA-qqv9-gqh5-7h99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qqv9-gqh5-7h99
5
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
reference_id multiple-vulnerabilities-in-snipe-it
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:20:46Z/
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
fixed_packages
aliases CVE-2022-44381, GHSA-qqv9-gqh5-7h99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yap2-7ggv-jkaw
Fixing_vulnerabilities
0
url VCID-f2cp-ca22-gba8
vulnerability_id VCID-f2cp-ca22-gba8
summary Improper Access Control in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1511
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.493
published_at 2026-06-12T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49163
published_at 2026-06-11T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.49306
published_at 2026-06-14T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.49318
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1511
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c
3
reference_url https://github.com/snipe/snipe-it/pull/10991
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/pull/10991
4
reference_url https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1511
reference_id CVE-2022-1511
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1511
6
reference_url https://github.com/advisories/GHSA-p2vw-f87c-q597
reference_id GHSA-p2vw-f87c-q597
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2vw-f87c-q597
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.4.4
purl pkg:composer/snipe/snipe-it@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-v3vx-zast-efeg
20
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.4
1
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-1511, GHSA-p2vw-f87c-q597
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2cp-ca22-gba8
1
url VCID-nddv-x2uq-vyeu
vulnerability_id VCID-nddv-x2uq-vyeu
summary Improper Privilege Management in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0611
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53236
published_at 2026-06-12T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53108
published_at 2026-06-11T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53238
published_at 2026-06-14T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53251
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0611
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
3
reference_url https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0611
reference_id CVE-2022-0611
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0611
5
reference_url https://github.com/advisories/GHSA-j57w-3c39-gpp5
reference_id GHSA-j57w-3c39-gpp5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j57w-3c39-gpp5
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.11
purl pkg:composer/snipe/snipe-it@5.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.11
1
url pkg:composer/snipe/snipe-it@5.4.0
purl pkg:composer/snipe/snipe-it@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-qq58-u49k-ybgk
19
vulnerability VCID-ry56-8zuz-3bda
20
vulnerability VCID-ssbq-f1d6-m7bh
21
vulnerability VCID-uksu-hbtt-6qdk
22
vulnerability VCID-v3vx-zast-efeg
23
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.0
2
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-0611, GHSA-j57w-3c39-gpp5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nddv-x2uq-vyeu
2
url VCID-qyeh-yjgg-zfdf
vulnerability_id VCID-qyeh-yjgg-zfdf
summary Generation of Error Message Containing Sensitive Information in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0622
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.22031
published_at 2026-06-12T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21843
published_at 2026-06-11T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.22018
published_at 2026-06-14T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.22042
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0622
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2
3
reference_url https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0622
reference_id CVE-2022-0622
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0622
5
reference_url https://github.com/advisories/GHSA-pwwm-pwx2-2hw7
reference_id GHSA-pwwm-pwx2-2hw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwwm-pwx2-2hw7
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.11
purl pkg:composer/snipe/snipe-it@5.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.11
1
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-0622, GHSA-pwwm-pwx2-2hw7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyeh-yjgg-zfdf
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1