Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/239087?format=api",
    "purl": "pkg:composer/grumpydictator/firefly-iii@4.3.6",
    "type": "composer",
    "namespace": "grumpydictator",
    "name": "firefly-iii",
    "version": "4.3.6",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "6.1.17",
    "latest_non_vulnerable_version": "6.5.1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41506?format=api",
            "vulnerability_id": "VCID-1bnk-b65m-tqg6",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3819",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00141",
                            "scoring_system": "epss",
                            "scoring_elements": "0.33929",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00141",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34045",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00141",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34031",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3819"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3819",
                    "reference_id": "CVE-2021-3819",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3819"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59144?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1"
                }
            ],
            "aliases": [
                "CVE-2021-3819",
                "GHSA-356r-77q8-f64f"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bnk-b65m-tqg6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44820?format=api",
            "vulnerability_id": "VCID-2xs8-eknt-gyap",
            "summary": "Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1789",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00189",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40597",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00189",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40593",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00189",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40513",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1789"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/pull/7043",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/pull/7043"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/"
                        }
                    ],
                    "url": "https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1789",
                    "reference_id": "CVE-2023-1789",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1789"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mwxw-hxvp-4r2r",
                    "reference_id": "GHSA-mwxw-hxvp-4r2r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mwxw-hxvp-4r2r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64495?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.7.18",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64494?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64496?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1"
                }
            ],
            "aliases": [
                "CVE-2023-1789",
                "GHSA-mwxw-hxvp-4r2r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xs8-eknt-gyap"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41640?format=api",
            "vulnerability_id": "VCID-4hdz-bgf3-hqbz",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3901",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23764",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23779",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23683",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3901"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3901",
                    "reference_id": "CVE-2021-3901",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3901"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2021-3901",
                "GHSA-rqgp-ccph-5w65"
            ],
            "risk_score": 1.6,
            "exploitability": "0.5",
            "weighted_severity": "3.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hdz-bgf3-hqbz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46788?format=api",
            "vulnerability_id": "VCID-5as2-q475-7fgv",
            "summary": "Firefly III allows webhooks HTML Injection.\nFirefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22075",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00128",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31784",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00128",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31815",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22075"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1"
                },
                {
                    "reference_url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22075",
                    "reference_id": "CVE-2024-22075",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22075"
                },
                {
                    "reference_url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/",
                    "reference_id": "front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/"
                        }
                    ],
                    "url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vwv2-9wcj-64vx",
                    "reference_id": "GHSA-vwv2-9wcj-64vx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vwv2-9wcj-64vx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68418?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1"
                }
            ],
            "aliases": [
                "CVE-2024-22075",
                "GHSA-vwv2-9wcj-64vx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5as2-q475-7fgv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44864?format=api",
            "vulnerability_id": "VCID-6ydw-rfb3-hbe3",
            "summary": "Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1788",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00226",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45465",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00226",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45462",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00226",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45393",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1788"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/"
                        }
                    ],
                    "url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1788",
                    "reference_id": "CVE-2023-1788",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1788"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-h7vv-46p5-prmh",
                    "reference_id": "GHSA-h7vv-46p5-prmh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-h7vv-46p5-prmh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64494?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0"
                }
            ],
            "aliases": [
                "CVE-2023-1788",
                "GHSA-h7vv-46p5-prmh"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ydw-rfb3-hbe3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51674?format=api",
            "vulnerability_id": "VCID-7j5p-xwqv-k3cf",
            "summary": "Cross-site Scripting\nFirefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during `attachments/edit/$file_id$` attachment editing.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13645",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5175",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.51819",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.51809",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13645"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/2337",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/2337"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13645",
                    "reference_id": "CVE-2019-13645",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13645"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58957?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/239153?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-q2aw-rbww-nqc7"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3"
                }
            ],
            "aliases": [
                "CVE-2019-13645",
                "GHSA-5hpw-vcj2-prwg"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7j5p-xwqv-k3cf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41335?format=api",
            "vulnerability_id": "VCID-951v-qu7n-4ybp",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3729",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30084",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30121",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30157",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3729"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3729",
                    "reference_id": "CVE-2021-3729",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3729"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/141591?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0"
                }
            ],
            "aliases": [
                "CVE-2021-3729",
                "GHSA-gp6w-ccqv-p7qr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-951v-qu7n-4ybp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41337?format=api",
            "vulnerability_id": "VCID-ag6y-f8nh-5kej",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3730",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2917",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29208",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29241",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3730"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3730",
                    "reference_id": "CVE-2021-3730",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3730"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/141591?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0"
                }
            ],
            "aliases": [
                "CVE-2021-3730",
                "GHSA-c676-mcw3-qg55"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ag6y-f8nh-5kej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51671?format=api",
            "vulnerability_id": "VCID-b23p-cn7c-k7av",
            "summary": "Cross-site Scripting\nFirefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during `attachments/view/$file_id$` attachment viewing.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13647",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42856",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42845",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42771",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13647"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/2338",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/2338"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13647",
                    "reference_id": "CVE-2019-13647",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13647"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58957?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/239153?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-q2aw-rbww-nqc7"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3"
                }
            ],
            "aliases": [
                "CVE-2019-13647",
                "GHSA-pcxq-28f6-m3fm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b23p-cn7c-k7av"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41244?format=api",
            "vulnerability_id": "VCID-cbss-79ng-p7an",
            "summary": "firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3663",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36689",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36681",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36587",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3663"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3663",
                    "reference_id": "CVE-2021-3663",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3663"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58493?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.5.13",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/530422?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1"
                }
            ],
            "aliases": [
                "CVE-2021-3663",
                "GHSA-56cx-wf47-hx7w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbss-79ng-p7an"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41339?format=api",
            "vulnerability_id": "VCID-cpwr-nyyb-afdf",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3728",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2917",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29208",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00111",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29241",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3728"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3728",
                    "reference_id": "CVE-2021-3728",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3728"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/141591?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0"
                }
            ],
            "aliases": [
                "CVE-2021-3728",
                "GHSA-xp5q-77mh-6hm2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwr-nyyb-afdf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41709?format=api",
            "vulnerability_id": "VCID-f1nj-u7yz-zycr",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3921",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30138",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30173",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30101",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3921"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3921",
                    "reference_id": "CVE-2021-3921",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3921"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q2cv-94xm-qvg4",
                    "reference_id": "GHSA-q2cv-94xm-qvg4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q2cv-94xm-qvg4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59544?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3"
                }
            ],
            "aliases": [
                "CVE-2021-3921",
                "GHSA-q2cv-94xm-qvg4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1nj-u7yz-zycr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41639?format=api",
            "vulnerability_id": "VCID-hbpp-jqk1-cubw",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3900",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00238",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46991",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00238",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47059",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00238",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47056",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3900"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3900",
                    "reference_id": "CVE-2021-3900",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3900"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2021-3900",
                "GHSA-pfj7-w373-gqch"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpp-jqk1-cubw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55372?format=api",
            "vulnerability_id": "VCID-jfps-wzcx-vyfj",
            "summary": "Firefly III has a MFA bypass in oauth flow\nA MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37893",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08453",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08441",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37893"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/"
                        }
                    ],
                    "url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack"
                },
                {
                    "reference_url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/"
                        }
                    ],
                    "url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37893",
                    "reference_id": "CVE-2024-37893",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37893"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4gm4-c4mh-4p7w",
                    "reference_id": "GHSA-4gm4-c4mh-4p7w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4gm4-c4mh-4p7w"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w",
                    "reference_id": "GHSA-4gm4-c4mh-4p7w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/81870?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.17",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17"
                }
            ],
            "aliases": [
                "CVE-2024-37893",
                "GHSA-4gm4-c4mh-4p7w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfps-wzcx-vyfj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41809?format=api",
            "vulnerability_id": "VCID-pvmv-dy5p-pkbn",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36737",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36835",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36829",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4005"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4005",
                    "reference_id": "CVE-2021-4005",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4005"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hjhp-hwfj-hwf3",
                    "reference_id": "GHSA-hjhp-hwfj-hwf3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hjhp-hwfj-hwf3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59713?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5"
                }
            ],
            "aliases": [
                "CVE-2021-4005",
                "GHSA-hjhp-hwfj-hwf3"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvmv-dy5p-pkbn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53741?format=api",
            "vulnerability_id": "VCID-q2aw-rbww-nqc7",
            "summary": "Cross-site Scripting\nAn XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.",
            "references": [
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/3990",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/3990"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27981",
                    "reference_id": "CVE-2020-27981",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27981"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/79028?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.4.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5"
                }
            ],
            "aliases": [
                "CVE-2020-27981"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2aw-rbww-nqc7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54695?format=api",
            "vulnerability_id": "VCID-t96s-982j-d3fr",
            "summary": "Incorrect Authorization\nImproper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0298",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00165",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37327",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00165",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37322",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00165",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3723",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0298"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/"
                        }
                    ],
                    "url": "https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0298",
                    "reference_id": "CVE-2023-0298",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0298"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64493?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.8.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0"
                }
            ],
            "aliases": [
                "CVE-2023-0298",
                "GHSA-7mc4-jp4f-v2j2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t96s-982j-d3fr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41607?format=api",
            "vulnerability_id": "VCID-u76r-dx9g-5fcv",
            "summary": "firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3846",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47041",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47044",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00237",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46975",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3846"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3846",
                    "reference_id": "CVE-2021-3846",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3846"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5gq7-826w-8282",
                    "reference_id": "GHSA-5gq7-826w-8282",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5gq7-826w-8282"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59317?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2"
                }
            ],
            "aliases": [
                "CVE-2021-3846",
                "GHSA-5gq7-826w-8282"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u76r-dx9g-5fcv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41445?format=api",
            "vulnerability_id": "VCID-v5yd-vwys-f7hv",
            "summary": "Improper Input Validation\nFirefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14671",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16749",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16824",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16829",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14671"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/2367",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/2367"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14671",
                    "reference_id": "CVE-2019-14671",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14671"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jjcx-999m-35hc",
                    "reference_id": "GHSA-jjcx-999m-35hc",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jjcx-999m-35hc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/276569?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-q2aw-rbww-nqc7"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58958?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B4"
                }
            ],
            "aliases": [
                "CVE-2019-14671",
                "GHSA-jjcx-999m-35hc"
            ],
            "risk_score": 1.5,
            "exploitability": "0.5",
            "weighted_severity": "3.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v5yd-vwys-f7hv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51670?format=api",
            "vulnerability_id": "VCID-v776-99j4-mua2",
            "summary": "Cross-site Scripting\nFirefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the `tags/show/$tag_number$` tag summary page.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13644",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00225",
                            "scoring_system": "epss",
                            "scoring_elements": "0.4525",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00225",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45323",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00225",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45319",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13644"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/2335",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/"
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/2335"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13644",
                    "reference_id": "CVE-2019-13644",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13644"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/239151?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-7j5p-xwqv-k3cf"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-b23p-cn7c-k7av"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-q2aw-rbww-nqc7"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-xvtj-8abr-tuem"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/75777?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B1"
                }
            ],
            "aliases": [
                "CVE-2019-13644",
                "GHSA-9xmx-rj7j-fv9q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v776-99j4-mua2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41787?format=api",
            "vulnerability_id": "VCID-vkg3-xm11-3qdh",
            "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4015",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36835",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36829",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00161",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36737",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4015"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4015",
                    "reference_id": "CVE-2021-4015",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4015"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g6vq-wc8w-4g69",
                    "reference_id": "GHSA-g6vq-wc8w-4g69",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g6vq-wc8w-4g69"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59690?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59713?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5"
                }
            ],
            "aliases": [
                "CVE-2021-4015",
                "GHSA-g6vq-wc8w-4g69"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkg3-xm11-3qdh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41604?format=api",
            "vulnerability_id": "VCID-wh6m-3mp3-gbfb",
            "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nfirefly-iii is vulnerable to URL Redirection to Untrusted Site",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3851",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37815",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37909",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37906",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3851"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d"
                },
                {
                    "reference_url": "https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3851",
                    "reference_id": "CVE-2021-3851",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3851"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/59317?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2"
                }
            ],
            "aliases": [
                "CVE-2021-3851",
                "GHSA-5fvx-5p2r-4mvp"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wh6m-3mp3-gbfb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51673?format=api",
            "vulnerability_id": "VCID-xvtj-8abr-tuem",
            "summary": "Cross-site Scripting\nFirefly III is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13646",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.51819",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.51809",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00281",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5175",
                            "published_at": "2026-06-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13646"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/2339",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/issues/2339"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13646",
                    "reference_id": "CVE-2019-13646",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13646"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/58957?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/239153?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@4.7.17.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1bnk-b65m-tqg6"
                        },
                        {
                            "vulnerability": "VCID-2xs8-eknt-gyap"
                        },
                        {
                            "vulnerability": "VCID-4hdz-bgf3-hqbz"
                        },
                        {
                            "vulnerability": "VCID-5as2-q475-7fgv"
                        },
                        {
                            "vulnerability": "VCID-6ydw-rfb3-hbe3"
                        },
                        {
                            "vulnerability": "VCID-951v-qu7n-4ybp"
                        },
                        {
                            "vulnerability": "VCID-ag6y-f8nh-5kej"
                        },
                        {
                            "vulnerability": "VCID-cbss-79ng-p7an"
                        },
                        {
                            "vulnerability": "VCID-cpwr-nyyb-afdf"
                        },
                        {
                            "vulnerability": "VCID-f1nj-u7yz-zycr"
                        },
                        {
                            "vulnerability": "VCID-hbpp-jqk1-cubw"
                        },
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        },
                        {
                            "vulnerability": "VCID-pvmv-dy5p-pkbn"
                        },
                        {
                            "vulnerability": "VCID-q2aw-rbww-nqc7"
                        },
                        {
                            "vulnerability": "VCID-t96s-982j-d3fr"
                        },
                        {
                            "vulnerability": "VCID-u76r-dx9g-5fcv"
                        },
                        {
                            "vulnerability": "VCID-v5yd-vwys-f7hv"
                        },
                        {
                            "vulnerability": "VCID-vkg3-xm11-3qdh"
                        },
                        {
                            "vulnerability": "VCID-wh6m-3mp3-gbfb"
                        },
                        {
                            "vulnerability": "VCID-zyzb-95vu-bfbp"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3"
                }
            ],
            "aliases": [
                "CVE-2019-13646",
                "GHSA-mrc2-h7q2-pp97"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvtj-8abr-tuem"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46920?format=api",
            "vulnerability_id": "VCID-zyzb-95vu-bfbp",
            "summary": "C5 Firefly III CSV Injection.\n### Summary\nCSV injection is a vulnerability where untrusted user input in CSV files can lead to unauthorized access or data manipulation. \nIn my subsequent testing of the application.\n\n### Details\nI discovered that there is an option to \"Export Data\" from the web app to your personal computer, which exports a \"csv\" file that can be opened with Excel software that supports macros.\n\nP.S \nI discovered that the web application's is offering a demo-site that anyone may access to play with the web application. So, there's a chance that someone will export the data (CVS) from the demo site and execute it on their PC, giving the malicious actor a complete control over their machine. (if a user enters a malicious payload to the website).\n\n### PoC\nYou can check out my vulnerability report if you need more details/PoC with screenshots: (removed by JC5)\n\n### Impact\nAn attacker can exploit this by entering a specially crafted payload to one of the fields, and when a user export the csv file using the \"Export Data\" function, the attacker can potentiality can RCE.\n\n### Addendum by JC5, the developer of Firefly III\nThere is zero impact on normal users, even on vulnerable versions.",
            "references": [
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-29w6-c52g-m8jc",
                    "reference_id": "GHSA-29w6-c52g-m8jc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-29w6-c52g-m8jc"
                },
                {
                    "reference_url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc",
                    "reference_id": "GHSA-29w6-c52g-m8jc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/68662?format=api",
                    "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-jfps-wzcx-vyfj"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7"
                }
            ],
            "aliases": [
                "GHSA-29w6-c52g-m8jc",
                "GMS-2024-52"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyzb-95vu-bfbp"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.3.6"
}