Lookup for vulnerable packages by Package URL.

Purl pkg:composer/grumpydictator/firefly-iii@3.10.4
Type composer
Namespace grumpydictator
Name firefly-iii
Version 3.10.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.1.17
Latest_non_vulnerable_version 6.6.3
Affected_by_vulnerabilities
0
url VCID-3xt2-zddu-5kas
vulnerability_id VCID-3xt2-zddu-5kas
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30104
published_at 2026-06-11T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.303
published_at 2026-06-14T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30318
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
3
reference_url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
5
reference_url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
reference_id GHSA-gp6w-ccqv-p7qr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3729, GHSA-gp6w-ccqv-p7qr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xt2-zddu-5kas
1
url VCID-6hv4-rqcv-qbcy
vulnerability_id VCID-6hv4-rqcv-qbcy
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29186
published_at 2026-06-11T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29386
published_at 2026-06-12T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29409
published_at 2026-06-13T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29396
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
3
reference_url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
5
reference_url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
reference_id GHSA-xp5q-77mh-6hm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3728, GHSA-xp5q-77mh-6hm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hv4-rqcv-qbcy
2
url VCID-8wzk-5ezx-67ff
vulnerability_id VCID-8wzk-5ezx-67ff
summary Unrestricted File Upload vulnerability in Firefly III
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47209
published_at 2026-06-12T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.47069
published_at 2026-06-11T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.47206
published_at 2026-06-14T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.47224
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
2
reference_url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
reference_id CVE-2021-3846
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
4
reference_url https://github.com/advisories/GHSA-5gq7-826w-8282
reference_id GHSA-5gq7-826w-8282
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gq7-826w-8282
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aftu-kqp2-c3b5
1
vulnerability VCID-axhd-n35q-f7gd
2
vulnerability VCID-ceuu-cq6q-yke3
3
vulnerability VCID-et4h-x9fk-93fv
4
vulnerability VCID-jb3r-4ser-xye4
5
vulnerability VCID-kg26-nm7m-zyhs
6
vulnerability VCID-kqnc-x9a5-ruef
7
vulnerability VCID-nhe3-4cuv-w3ba
8
vulnerability VCID-q8k2-nnwd-huhr
9
vulnerability VCID-sw17-s2cs-q7gp
10
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3846, GHSA-5gq7-826w-8282
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wzk-5ezx-67ff
3
url VCID-aebx-s1h6-tudd
vulnerability_id VCID-aebx-s1h6-tudd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13647
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42869
published_at 2026-06-11T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.43028
published_at 2026-06-12T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.43047
published_at 2026-06-13T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.43037
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13647
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc
2
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
3
reference_url https://github.com/firefly-iii/firefly-iii/issues/2338
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2338
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13647
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13647
5
reference_url https://github.com/advisories/GHSA-pcxq-28f6-m3fm
reference_id GHSA-pcxq-28f6-m3fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcxq-28f6-m3fm
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tfe1-z4e3-27cj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-rgkb-gfjh-g7gd
17
vulnerability VCID-sw17-s2cs-q7gp
18
vulnerability VCID-tfe1-z4e3-27cj
19
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13647, GHSA-pcxq-28f6-m3fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aebx-s1h6-tudd
4
url VCID-aftu-kqp2-c3b5
vulnerability_id VCID-aftu-kqp2-c3b5
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30319
published_at 2026-06-14T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30124
published_at 2026-06-11T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30337
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
3
reference_url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
reference_id CVE-2021-3921
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
5
reference_url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
reference_id GHSA-q2cv-94xm-qvg4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.3
purl pkg:composer/grumpydictator/firefly-iii@5.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axhd-n35q-f7gd
1
vulnerability VCID-ceuu-cq6q-yke3
2
vulnerability VCID-et4h-x9fk-93fv
3
vulnerability VCID-kg26-nm7m-zyhs
4
vulnerability VCID-kqnc-x9a5-ruef
5
vulnerability VCID-nhe3-4cuv-w3ba
6
vulnerability VCID-q8k2-nnwd-huhr
7
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3
aliases CVE-2021-3921, GHSA-q2cv-94xm-qvg4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aftu-kqp2-c3b5
5
url VCID-axhd-n35q-f7gd
vulnerability_id VCID-axhd-n35q-f7gd
summary Cross Site Request Forgery in firefly-iii
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37002
published_at 2026-06-12T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36825
published_at 2026-06-11T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37016
published_at 2026-06-14T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37031
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
3
reference_url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
reference_id CVE-2021-4005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
5
reference_url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
reference_id GHSA-hjhp-hwfj-hwf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
5
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4005, GHSA-hjhp-hwfj-hwf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axhd-n35q-f7gd
6
url VCID-ceuu-cq6q-yke3
vulnerability_id VCID-ceuu-cq6q-yke3
summary C5 Firefly III CSV Injection.
references
0
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
1
reference_url https://github.com/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29w6-c52g-m8jc
2
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.7
purl pkg:composer/grumpydictator/firefly-iii@6.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7
aliases GHSA-29w6-c52g-m8jc, GMS-2024-52
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-cq6q-yke3
7
url VCID-db6a-g1zn-gfhw
vulnerability_id VCID-db6a-g1zn-gfhw
summary Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13644
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45505
published_at 2026-06-13T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45493
published_at 2026-06-14T12:55:00Z
2
value 0.00225
scoring_system epss
scoring_elements 0.45495
published_at 2026-06-12T12:55:00Z
3
value 0.00225
scoring_system epss
scoring_elements 0.45346
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13644
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13644
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13644
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2335
reference_id 2335
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/
url https://github.com/firefly-iii/firefly-iii/issues/2335
5
reference_url https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36
reference_id 76aa8ac...45b8c36
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/
url https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36
6
reference_url https://github.com/advisories/GHSA-9xmx-rj7j-fv9q
reference_id GHSA-9xmx-rj7j-fv9q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xmx-rj7j-fv9q
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17.1
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aebx-s1h6-tudd
4
vulnerability VCID-aftu-kqp2-c3b5
5
vulnerability VCID-axhd-n35q-f7gd
6
vulnerability VCID-ceuu-cq6q-yke3
7
vulnerability VCID-dx84-whcp-c3dd
8
vulnerability VCID-et4h-x9fk-93fv
9
vulnerability VCID-f5bt-361e-cfcg
10
vulnerability VCID-fpjt-5gb4-9fcg
11
vulnerability VCID-j9hb-qmdv-eugs
12
vulnerability VCID-jb3r-4ser-xye4
13
vulnerability VCID-kg26-nm7m-zyhs
14
vulnerability VCID-kqnc-x9a5-ruef
15
vulnerability VCID-nhe3-4cuv-w3ba
16
vulnerability VCID-q8k2-nnwd-huhr
17
vulnerability VCID-rghf-vdbq-rqhv
18
vulnerability VCID-rgkb-gfjh-g7gd
19
vulnerability VCID-sw17-s2cs-q7gp
20
vulnerability VCID-tfe1-z4e3-27cj
21
vulnerability VCID-xhwg-41ac-wfe5
22
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.1
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B1
aliases CVE-2019-13644, GHSA-9xmx-rj7j-fv9q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db6a-g1zn-gfhw
8
url VCID-dx84-whcp-c3dd
vulnerability_id VCID-dx84-whcp-c3dd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36676
published_at 2026-06-11T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36855
published_at 2026-06-12T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.3688
published_at 2026-06-13T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36868
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
4
reference_url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
6
reference_url https://github.com/advisories/GHSA-56cx-wf47-hx7w
reference_id GHSA-56cx-wf47-hx7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56cx-wf47-hx7w
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.5.13
purl pkg:composer/grumpydictator/firefly-iii@5.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-et4h-x9fk-93fv
7
vulnerability VCID-f5bt-361e-cfcg
8
vulnerability VCID-fpjt-5gb4-9fcg
9
vulnerability VCID-jb3r-4ser-xye4
10
vulnerability VCID-kg26-nm7m-zyhs
11
vulnerability VCID-kqnc-x9a5-ruef
12
vulnerability VCID-nhe3-4cuv-w3ba
13
vulnerability VCID-q8k2-nnwd-huhr
14
vulnerability VCID-rghf-vdbq-rqhv
15
vulnerability VCID-sw17-s2cs-q7gp
16
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13
1
url pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-et4h-x9fk-93fv
7
vulnerability VCID-f5bt-361e-cfcg
8
vulnerability VCID-fpjt-5gb4-9fcg
9
vulnerability VCID-jb3r-4ser-xye4
10
vulnerability VCID-kg26-nm7m-zyhs
11
vulnerability VCID-kqnc-x9a5-ruef
12
vulnerability VCID-nhe3-4cuv-w3ba
13
vulnerability VCID-q8k2-nnwd-huhr
14
vulnerability VCID-rghf-vdbq-rqhv
15
vulnerability VCID-sw17-s2cs-q7gp
16
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
aliases CVE-2021-3663, GHSA-56cx-wf47-hx7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx84-whcp-c3dd
9
url VCID-et4h-x9fk-93fv
vulnerability_id VCID-et4h-x9fk-93fv
summary Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31777
published_at 2026-06-11T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.31961
published_at 2026-06-14T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.31982
published_at 2026-06-13T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.31965
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
3
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
reference_id CVE-2024-22075
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
5
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
reference_id front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
6
reference_url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
reference_id GHSA-vwv2-9wcj-64vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
7
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
reference_id v6.1.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.1
purl pkg:composer/grumpydictator/firefly-iii@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1
aliases CVE-2024-22075, GHSA-vwv2-9wcj-64vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et4h-x9fk-93fv
10
url VCID-f5bt-361e-cfcg
vulnerability_id VCID-f5bt-361e-cfcg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.3404
published_at 2026-06-11T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34216
published_at 2026-06-12T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.3424
published_at 2026-06-13T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34219
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
3
reference_url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
reference_id CVE-2021-3819
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
5
reference_url https://github.com/advisories/GHSA-356r-77q8-f64f
reference_id GHSA-356r-77q8-f64f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-356r-77q8-f64f
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-jb3r-4ser-xye4
6
vulnerability VCID-kg26-nm7m-zyhs
7
vulnerability VCID-kqnc-x9a5-ruef
8
vulnerability VCID-nhe3-4cuv-w3ba
9
vulnerability VCID-q8k2-nnwd-huhr
10
vulnerability VCID-rghf-vdbq-rqhv
11
vulnerability VCID-sw17-s2cs-q7gp
12
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1
aliases CVE-2021-3819, GHSA-356r-77q8-f64f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5bt-361e-cfcg
11
url VCID-fpjt-5gb4-9fcg
vulnerability_id VCID-fpjt-5gb4-9fcg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29186
published_at 2026-06-11T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29386
published_at 2026-06-12T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29409
published_at 2026-06-13T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29396
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
3
reference_url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
5
reference_url https://github.com/advisories/GHSA-c676-mcw3-qg55
reference_id GHSA-c676-mcw3-qg55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c676-mcw3-qg55
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3730, GHSA-c676-mcw3-qg55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpjt-5gb4-9fcg
12
url VCID-j9hb-qmdv-eugs
vulnerability_id VCID-j9hb-qmdv-eugs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13645
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51849
published_at 2026-06-11T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51979
published_at 2026-06-12T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51992
published_at 2026-06-13T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51976
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13645
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5
3
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2337
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2337
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13645
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13645
6
reference_url https://github.com/advisories/GHSA-5hpw-vcj2-prwg
reference_id GHSA-5hpw-vcj2-prwg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hpw-vcj2-prwg
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tfe1-z4e3-27cj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-rgkb-gfjh-g7gd
17
vulnerability VCID-sw17-s2cs-q7gp
18
vulnerability VCID-tfe1-z4e3-27cj
19
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13645, GHSA-5hpw-vcj2-prwg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9hb-qmdv-eugs
13
url VCID-jb3r-4ser-xye4
vulnerability_id VCID-jb3r-4ser-xye4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47084
published_at 2026-06-11T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47224
published_at 2026-06-12T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.47238
published_at 2026-06-13T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.4722
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
3
reference_url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
5
reference_url https://github.com/advisories/GHSA-pfj7-w373-gqch
reference_id GHSA-pfj7-w373-gqch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfj7-w373-gqch
fixed_packages
aliases CVE-2021-3900, GHSA-pfj7-w373-gqch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jb3r-4ser-xye4
14
url VCID-kg26-nm7m-zyhs
vulnerability_id VCID-kg26-nm7m-zyhs
summary Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try to sign an OAuth application up to a user's profile quite easily if they have created one. The attacker would also need to know the victim's username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08489
published_at 2026-06-14T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08494
published_at 2026-06-13T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08491
published_at 2026-06-12T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08452
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
reference_id CVE-2024-37893
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
3
reference_url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
4
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
5
reference_url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
reference_id mfa-bypass
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
6
reference_url https://owasp.org/www-community/attacks/Password_Spraying_Attack
reference_id Password_Spraying_Attack
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://owasp.org/www-community/attacks/Password_Spraying_Attack
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.17
purl pkg:composer/grumpydictator/firefly-iii@6.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17
aliases CVE-2024-37893, GHSA-4gm4-c4mh-4p7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg26-nm7m-zyhs
15
url VCID-kqnc-x9a5-ruef
vulnerability_id VCID-kqnc-x9a5-ruef
summary Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.3732
published_at 2026-06-11T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37507
published_at 2026-06-14T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37497
published_at 2026-06-12T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
3
reference_url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
reference_id 9689052c-c1d7-4aae-aa08-346c9b6e04ed
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
4
reference_url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
reference_id db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
5
reference_url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
reference_id GHSA-7mc4-jp4f-v2j2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.8.0
purl pkg:composer/grumpydictator/firefly-iii@5.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0
aliases CVE-2023-0298, GHSA-7mc4-jp4f-v2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqnc-x9a5-ruef
16
url VCID-nhe3-4cuv-w3ba
vulnerability_id VCID-nhe3-4cuv-w3ba
summary Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45489
published_at 2026-06-11T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45632
published_at 2026-06-14T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45637
published_at 2026-06-12T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45646
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
3
reference_url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
reference_id 68f398f97cbe1870fc098d8460bf903b9c3fab30
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
4
reference_url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
reference_id 79323c9e-e0e5-48ef-bd19-d0b09587ccb2
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
5
reference_url https://github.com/advisories/GHSA-h7vv-46p5-prmh
reference_id GHSA-h7vv-46p5-prmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7vv-46p5-prmh
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
aliases CVE-2023-1788, GHSA-h7vv-46p5-prmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe3-4cuv-w3ba
17
url VCID-q8k2-nnwd-huhr
vulnerability_id VCID-q8k2-nnwd-huhr
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37002
published_at 2026-06-12T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36825
published_at 2026-06-11T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37016
published_at 2026-06-14T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37031
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
4
reference_url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
reference_id CVE-2021-4015
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
6
reference_url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
reference_id GHSA-g6vq-wc8w-4g69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.4
purl pkg:composer/grumpydictator/firefly-iii@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axhd-n35q-f7gd
1
vulnerability VCID-ceuu-cq6q-yke3
2
vulnerability VCID-et4h-x9fk-93fv
3
vulnerability VCID-kg26-nm7m-zyhs
4
vulnerability VCID-kqnc-x9a5-ruef
5
vulnerability VCID-nhe3-4cuv-w3ba
6
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4
1
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
5
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4015, GHSA-g6vq-wc8w-4g69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8k2-nnwd-huhr
18
url VCID-rghf-vdbq-rqhv
vulnerability_id VCID-rghf-vdbq-rqhv
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37903
published_at 2026-06-11T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38079
published_at 2026-06-12T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38105
published_at 2026-06-13T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38093
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
3
reference_url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
5
reference_url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
reference_id GHSA-5fvx-5p2r-4mvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aftu-kqp2-c3b5
1
vulnerability VCID-axhd-n35q-f7gd
2
vulnerability VCID-ceuu-cq6q-yke3
3
vulnerability VCID-et4h-x9fk-93fv
4
vulnerability VCID-jb3r-4ser-xye4
5
vulnerability VCID-kg26-nm7m-zyhs
6
vulnerability VCID-kqnc-x9a5-ruef
7
vulnerability VCID-nhe3-4cuv-w3ba
8
vulnerability VCID-q8k2-nnwd-huhr
9
vulnerability VCID-sw17-s2cs-q7gp
10
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3851, GHSA-5fvx-5p2r-4mvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rghf-vdbq-rqhv
19
url VCID-rgkb-gfjh-g7gd
vulnerability_id VCID-rgkb-gfjh-g7gd
summary
Cross-site Scripting
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.
references
0
reference_url https://github.com/firefly-iii/firefly-iii/issues/3990
reference_id
reference_type
scores
url https://github.com/firefly-iii/firefly-iii/issues/3990
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
reference_id CVE-2020-27981
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.4.5
purl pkg:composer/grumpydictator/firefly-iii@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-sw17-s2cs-q7gp
17
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5
aliases CVE-2020-27981
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkb-gfjh-g7gd
20
url VCID-sw17-s2cs-q7gp
vulnerability_id VCID-sw17-s2cs-q7gp
summary Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40801
published_at 2026-06-13T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40788
published_at 2026-06-14T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-06-12T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.4061
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/pull/7043
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/pull/7043
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
4
reference_url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
reference_id 2c3489f7-6b84-48f8-9368-9cea67cf373d
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
5
reference_url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
reference_id 6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
6
reference_url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
reference_id GHSA-mwxw-hxvp-4r2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.7.18
purl pkg:composer/grumpydictator/firefly-iii@5.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18
1
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
2
url pkg:composer/grumpydictator/firefly-iii@6.0.1
purl pkg:composer/grumpydictator/firefly-iii@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1
aliases CVE-2023-1789, GHSA-mwxw-hxvp-4r2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw17-s2cs-q7gp
21
url VCID-tfe1-z4e3-27cj
vulnerability_id VCID-tfe1-z4e3-27cj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14671
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16804
published_at 2026-06-11T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.1696
published_at 2026-06-12T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16972
published_at 2026-06-13T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16946
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14671
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c
2
reference_url https://github.com/firefly-iii/firefly-iii/issues/2367
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2367
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14671
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14671
4
reference_url https://github.com/advisories/GHSA-jjcx-999m-35hc
reference_id GHSA-jjcx-999m-35hc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcx-999m-35hc
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17.4
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-rgkb-gfjh-g7gd
17
vulnerability VCID-sw17-s2cs-q7gp
18
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.4
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B4
aliases CVE-2019-14671, GHSA-jjcx-999m-35hc
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfe1-z4e3-27cj
22
url VCID-xhwg-41ac-wfe5
vulnerability_id VCID-xhwg-41ac-wfe5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13646
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51849
published_at 2026-06-11T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51979
published_at 2026-06-12T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51992
published_at 2026-06-13T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.51976
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13646
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7
3
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2339
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2339
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13646
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13646
6
reference_url https://github.com/advisories/GHSA-mrc2-h7q2-pp97
reference_id GHSA-mrc2-h7q2-pp97
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrc2-h7q2-pp97
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tfe1-z4e3-27cj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-rgkb-gfjh-g7gd
17
vulnerability VCID-sw17-s2cs-q7gp
18
vulnerability VCID-tfe1-z4e3-27cj
19
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13646, GHSA-mrc2-h7q2-pp97
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhwg-41ac-wfe5
23
url VCID-y2tf-dy3a-4kgf
vulnerability_id VCID-y2tf-dy3a-4kgf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23692
published_at 2026-06-11T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23888
published_at 2026-06-12T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23896
published_at 2026-06-13T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23873
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
3
reference_url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
5
reference_url https://github.com/advisories/GHSA-rqgp-ccph-5w65
reference_id GHSA-rqgp-ccph-5w65
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqgp-ccph-5w65
fixed_packages
aliases CVE-2021-3901, GHSA-rqgp-ccph-5w65
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2tf-dy3a-4kgf
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@3.10.4