Lookup for vulnerable packages by Package URL.

Purl pkg:composer/grumpydictator/firefly-iii@5.2.0-alpha.1
Type composer
Namespace grumpydictator
Name firefly-iii
Version 5.2.0-alpha.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.1.17
Latest_non_vulnerable_version 6.6.3
Affected_by_vulnerabilities
0
url VCID-3xt2-zddu-5kas
vulnerability_id VCID-3xt2-zddu-5kas
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30104
published_at 2026-06-11T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.303
published_at 2026-06-12T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30318
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
3
reference_url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
5
reference_url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
reference_id GHSA-gp6w-ccqv-p7qr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3729, GHSA-gp6w-ccqv-p7qr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xt2-zddu-5kas
1
url VCID-6hv4-rqcv-qbcy
vulnerability_id VCID-6hv4-rqcv-qbcy
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29186
published_at 2026-06-11T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29386
published_at 2026-06-12T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29409
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
3
reference_url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
5
reference_url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
reference_id GHSA-xp5q-77mh-6hm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3728, GHSA-xp5q-77mh-6hm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hv4-rqcv-qbcy
2
url VCID-8wzk-5ezx-67ff
vulnerability_id VCID-8wzk-5ezx-67ff
summary Unrestricted File Upload vulnerability in Firefly III
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47209
published_at 2026-06-12T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.47069
published_at 2026-06-11T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.47224
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
2
reference_url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
reference_id CVE-2021-3846
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
4
reference_url https://github.com/advisories/GHSA-5gq7-826w-8282
reference_id GHSA-5gq7-826w-8282
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gq7-826w-8282
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aftu-kqp2-c3b5
1
vulnerability VCID-axhd-n35q-f7gd
2
vulnerability VCID-ceuu-cq6q-yke3
3
vulnerability VCID-et4h-x9fk-93fv
4
vulnerability VCID-jb3r-4ser-xye4
5
vulnerability VCID-kg26-nm7m-zyhs
6
vulnerability VCID-kqnc-x9a5-ruef
7
vulnerability VCID-nhe3-4cuv-w3ba
8
vulnerability VCID-q8k2-nnwd-huhr
9
vulnerability VCID-sw17-s2cs-q7gp
10
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3846, GHSA-5gq7-826w-8282
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8wzk-5ezx-67ff
3
url VCID-aftu-kqp2-c3b5
vulnerability_id VCID-aftu-kqp2-c3b5
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30319
published_at 2026-06-12T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30124
published_at 2026-06-11T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30337
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
3
reference_url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
reference_id CVE-2021-3921
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
5
reference_url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
reference_id GHSA-q2cv-94xm-qvg4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.3
purl pkg:composer/grumpydictator/firefly-iii@5.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axhd-n35q-f7gd
1
vulnerability VCID-ceuu-cq6q-yke3
2
vulnerability VCID-et4h-x9fk-93fv
3
vulnerability VCID-kg26-nm7m-zyhs
4
vulnerability VCID-kqnc-x9a5-ruef
5
vulnerability VCID-nhe3-4cuv-w3ba
6
vulnerability VCID-q8k2-nnwd-huhr
7
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3
aliases CVE-2021-3921, GHSA-q2cv-94xm-qvg4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aftu-kqp2-c3b5
4
url VCID-axhd-n35q-f7gd
vulnerability_id VCID-axhd-n35q-f7gd
summary Cross Site Request Forgery in firefly-iii
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37002
published_at 2026-06-12T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36825
published_at 2026-06-11T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37031
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
3
reference_url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
reference_id CVE-2021-4005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
5
reference_url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
reference_id GHSA-hjhp-hwfj-hwf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
5
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4005, GHSA-hjhp-hwfj-hwf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axhd-n35q-f7gd
5
url VCID-ceuu-cq6q-yke3
vulnerability_id VCID-ceuu-cq6q-yke3
summary C5 Firefly III CSV Injection.
references
0
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
1
reference_url https://github.com/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29w6-c52g-m8jc
2
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.7
purl pkg:composer/grumpydictator/firefly-iii@6.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7
aliases GHSA-29w6-c52g-m8jc, GMS-2024-52
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-cq6q-yke3
6
url VCID-dx84-whcp-c3dd
vulnerability_id VCID-dx84-whcp-c3dd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36676
published_at 2026-06-11T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36855
published_at 2026-06-12T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.3688
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
4
reference_url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
6
reference_url https://github.com/advisories/GHSA-56cx-wf47-hx7w
reference_id GHSA-56cx-wf47-hx7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56cx-wf47-hx7w
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.5.13
purl pkg:composer/grumpydictator/firefly-iii@5.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-et4h-x9fk-93fv
7
vulnerability VCID-f5bt-361e-cfcg
8
vulnerability VCID-fpjt-5gb4-9fcg
9
vulnerability VCID-jb3r-4ser-xye4
10
vulnerability VCID-kg26-nm7m-zyhs
11
vulnerability VCID-kqnc-x9a5-ruef
12
vulnerability VCID-nhe3-4cuv-w3ba
13
vulnerability VCID-q8k2-nnwd-huhr
14
vulnerability VCID-rghf-vdbq-rqhv
15
vulnerability VCID-sw17-s2cs-q7gp
16
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13
1
url pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-et4h-x9fk-93fv
7
vulnerability VCID-f5bt-361e-cfcg
8
vulnerability VCID-fpjt-5gb4-9fcg
9
vulnerability VCID-jb3r-4ser-xye4
10
vulnerability VCID-kg26-nm7m-zyhs
11
vulnerability VCID-kqnc-x9a5-ruef
12
vulnerability VCID-nhe3-4cuv-w3ba
13
vulnerability VCID-q8k2-nnwd-huhr
14
vulnerability VCID-rghf-vdbq-rqhv
15
vulnerability VCID-sw17-s2cs-q7gp
16
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
aliases CVE-2021-3663, GHSA-56cx-wf47-hx7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx84-whcp-c3dd
7
url VCID-et4h-x9fk-93fv
vulnerability_id VCID-et4h-x9fk-93fv
summary Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31777
published_at 2026-06-11T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.31982
published_at 2026-06-13T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.31965
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
3
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
reference_id CVE-2024-22075
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
5
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
reference_id front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
6
reference_url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
reference_id GHSA-vwv2-9wcj-64vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
7
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
reference_id v6.1.1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.1
purl pkg:composer/grumpydictator/firefly-iii@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1
aliases CVE-2024-22075, GHSA-vwv2-9wcj-64vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et4h-x9fk-93fv
8
url VCID-f5bt-361e-cfcg
vulnerability_id VCID-f5bt-361e-cfcg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.3404
published_at 2026-06-11T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34216
published_at 2026-06-12T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.3424
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
3
reference_url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
reference_id CVE-2021-3819
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
5
reference_url https://github.com/advisories/GHSA-356r-77q8-f64f
reference_id GHSA-356r-77q8-f64f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-356r-77q8-f64f
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-jb3r-4ser-xye4
6
vulnerability VCID-kg26-nm7m-zyhs
7
vulnerability VCID-kqnc-x9a5-ruef
8
vulnerability VCID-nhe3-4cuv-w3ba
9
vulnerability VCID-q8k2-nnwd-huhr
10
vulnerability VCID-rghf-vdbq-rqhv
11
vulnerability VCID-sw17-s2cs-q7gp
12
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1
aliases CVE-2021-3819, GHSA-356r-77q8-f64f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5bt-361e-cfcg
9
url VCID-fpjt-5gb4-9fcg
vulnerability_id VCID-fpjt-5gb4-9fcg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29186
published_at 2026-06-11T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29386
published_at 2026-06-12T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29409
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
3
reference_url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
5
reference_url https://github.com/advisories/GHSA-c676-mcw3-qg55
reference_id GHSA-c676-mcw3-qg55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c676-mcw3-qg55
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8wzk-5ezx-67ff
1
vulnerability VCID-aftu-kqp2-c3b5
2
vulnerability VCID-axhd-n35q-f7gd
3
vulnerability VCID-ceuu-cq6q-yke3
4
vulnerability VCID-et4h-x9fk-93fv
5
vulnerability VCID-f5bt-361e-cfcg
6
vulnerability VCID-jb3r-4ser-xye4
7
vulnerability VCID-kg26-nm7m-zyhs
8
vulnerability VCID-kqnc-x9a5-ruef
9
vulnerability VCID-nhe3-4cuv-w3ba
10
vulnerability VCID-q8k2-nnwd-huhr
11
vulnerability VCID-rghf-vdbq-rqhv
12
vulnerability VCID-sw17-s2cs-q7gp
13
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3730, GHSA-c676-mcw3-qg55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpjt-5gb4-9fcg
10
url VCID-jb3r-4ser-xye4
vulnerability_id VCID-jb3r-4ser-xye4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47084
published_at 2026-06-11T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47224
published_at 2026-06-12T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.47238
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
3
reference_url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
5
reference_url https://github.com/advisories/GHSA-pfj7-w373-gqch
reference_id GHSA-pfj7-w373-gqch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfj7-w373-gqch
fixed_packages
aliases CVE-2021-3900, GHSA-pfj7-w373-gqch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jb3r-4ser-xye4
11
url VCID-kg26-nm7m-zyhs
vulnerability_id VCID-kg26-nm7m-zyhs
summary Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try to sign an OAuth application up to a user's profile quite easily if they have created one. The attacker would also need to know the victim's username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should use a unique password for their Firefly III instance and store their password securely, i.e. in a password manager.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08494
published_at 2026-06-13T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08491
published_at 2026-06-12T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08452
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
reference_id CVE-2024-37893
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
3
reference_url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
4
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
5
reference_url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
reference_id mfa-bypass
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
6
reference_url https://owasp.org/www-community/attacks/Password_Spraying_Attack
reference_id Password_Spraying_Attack
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://owasp.org/www-community/attacks/Password_Spraying_Attack
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.17
purl pkg:composer/grumpydictator/firefly-iii@6.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17
aliases CVE-2024-37893, GHSA-4gm4-c4mh-4p7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kg26-nm7m-zyhs
12
url VCID-kqnc-x9a5-ruef
vulnerability_id VCID-kqnc-x9a5-ruef
summary Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37497
published_at 2026-06-12T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37521
published_at 2026-06-13T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.3732
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
3
reference_url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
reference_id 9689052c-c1d7-4aae-aa08-346c9b6e04ed
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
4
reference_url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
reference_id db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
5
reference_url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
reference_id GHSA-7mc4-jp4f-v2j2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.8.0
purl pkg:composer/grumpydictator/firefly-iii@5.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0
aliases CVE-2023-0298, GHSA-7mc4-jp4f-v2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqnc-x9a5-ruef
13
url VCID-nhe3-4cuv-w3ba
vulnerability_id VCID-nhe3-4cuv-w3ba
summary Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45637
published_at 2026-06-12T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45646
published_at 2026-06-13T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45489
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
3
reference_url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
reference_id 68f398f97cbe1870fc098d8460bf903b9c3fab30
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
4
reference_url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
reference_id 79323c9e-e0e5-48ef-bd19-d0b09587ccb2
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
5
reference_url https://github.com/advisories/GHSA-h7vv-46p5-prmh
reference_id GHSA-h7vv-46p5-prmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7vv-46p5-prmh
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
aliases CVE-2023-1788, GHSA-h7vv-46p5-prmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe3-4cuv-w3ba
14
url VCID-q8k2-nnwd-huhr
vulnerability_id VCID-q8k2-nnwd-huhr
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37002
published_at 2026-06-12T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36825
published_at 2026-06-11T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37031
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
4
reference_url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
reference_id CVE-2021-4015
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
6
reference_url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
reference_id GHSA-g6vq-wc8w-4g69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.4
purl pkg:composer/grumpydictator/firefly-iii@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axhd-n35q-f7gd
1
vulnerability VCID-ceuu-cq6q-yke3
2
vulnerability VCID-et4h-x9fk-93fv
3
vulnerability VCID-kg26-nm7m-zyhs
4
vulnerability VCID-kqnc-x9a5-ruef
5
vulnerability VCID-nhe3-4cuv-w3ba
6
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4
1
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
5
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4015, GHSA-g6vq-wc8w-4g69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8k2-nnwd-huhr
15
url VCID-rghf-vdbq-rqhv
vulnerability_id VCID-rghf-vdbq-rqhv
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37903
published_at 2026-06-11T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38079
published_at 2026-06-12T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38105
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
3
reference_url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
5
reference_url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
reference_id GHSA-5fvx-5p2r-4mvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-aftu-kqp2-c3b5
1
vulnerability VCID-axhd-n35q-f7gd
2
vulnerability VCID-ceuu-cq6q-yke3
3
vulnerability VCID-et4h-x9fk-93fv
4
vulnerability VCID-jb3r-4ser-xye4
5
vulnerability VCID-kg26-nm7m-zyhs
6
vulnerability VCID-kqnc-x9a5-ruef
7
vulnerability VCID-nhe3-4cuv-w3ba
8
vulnerability VCID-q8k2-nnwd-huhr
9
vulnerability VCID-sw17-s2cs-q7gp
10
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3851, GHSA-5fvx-5p2r-4mvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rghf-vdbq-rqhv
16
url VCID-rgkb-gfjh-g7gd
vulnerability_id VCID-rgkb-gfjh-g7gd
summary
Cross-site Scripting
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.
references
0
reference_url https://github.com/firefly-iii/firefly-iii/issues/3990
reference_id
reference_type
scores
url https://github.com/firefly-iii/firefly-iii/issues/3990
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
reference_id CVE-2020-27981
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.4.5
purl pkg:composer/grumpydictator/firefly-iii@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3xt2-zddu-5kas
1
vulnerability VCID-6hv4-rqcv-qbcy
2
vulnerability VCID-8wzk-5ezx-67ff
3
vulnerability VCID-aftu-kqp2-c3b5
4
vulnerability VCID-axhd-n35q-f7gd
5
vulnerability VCID-ceuu-cq6q-yke3
6
vulnerability VCID-dx84-whcp-c3dd
7
vulnerability VCID-et4h-x9fk-93fv
8
vulnerability VCID-f5bt-361e-cfcg
9
vulnerability VCID-fpjt-5gb4-9fcg
10
vulnerability VCID-jb3r-4ser-xye4
11
vulnerability VCID-kg26-nm7m-zyhs
12
vulnerability VCID-kqnc-x9a5-ruef
13
vulnerability VCID-nhe3-4cuv-w3ba
14
vulnerability VCID-q8k2-nnwd-huhr
15
vulnerability VCID-rghf-vdbq-rqhv
16
vulnerability VCID-sw17-s2cs-q7gp
17
vulnerability VCID-y2tf-dy3a-4kgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5
aliases CVE-2020-27981
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkb-gfjh-g7gd
17
url VCID-sw17-s2cs-q7gp
vulnerability_id VCID-sw17-s2cs-q7gp
summary Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.4061
published_at 2026-06-11T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40801
published_at 2026-06-13T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/pull/7043
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/pull/7043
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
4
reference_url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
reference_id 2c3489f7-6b84-48f8-9368-9cea67cf373d
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
5
reference_url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
reference_id 6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
6
reference_url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
reference_id GHSA-mwxw-hxvp-4r2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.7.18
purl pkg:composer/grumpydictator/firefly-iii@5.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-kqnc-x9a5-ruef
4
vulnerability VCID-nhe3-4cuv-w3ba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18
1
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
3
vulnerability VCID-sw17-s2cs-q7gp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
2
url pkg:composer/grumpydictator/firefly-iii@6.0.1
purl pkg:composer/grumpydictator/firefly-iii@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ceuu-cq6q-yke3
1
vulnerability VCID-et4h-x9fk-93fv
2
vulnerability VCID-kg26-nm7m-zyhs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1
aliases CVE-2023-1789, GHSA-mwxw-hxvp-4r2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw17-s2cs-q7gp
18
url VCID-y2tf-dy3a-4kgf
vulnerability_id VCID-y2tf-dy3a-4kgf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23692
published_at 2026-06-11T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23888
published_at 2026-06-12T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23896
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
3
reference_url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
5
reference_url https://github.com/advisories/GHSA-rqgp-ccph-5w65
reference_id GHSA-rqgp-ccph-5w65
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqgp-ccph-5w65
fixed_packages
aliases CVE-2021-3901, GHSA-rqgp-ccph-5w65
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2tf-dy3a-4kgf
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.2.0-alpha.1