Package Instance
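Look up vulnerable packages by Package URL (purl). In the response below, a version listed under "fixed_packages" is recorded as fixing that one vulnerability and can itself still carry "is_vulnerable": true; the top-level "next_non_vulnerable_version" and "latest_non_vulnerable_version" fields are the ones to check when choosing an upgrade target.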
GET /api/packages/510785?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/510785?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.2.0-alpha.1", "type": "composer", "namespace": "grumpydictator", "name": "firefly-iii", "version": "5.2.0-alpha.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.1.17", "latest_non_vulnerable_version": "6.6.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343238?format=api", "vulnerability_id": "VCID-3xt2-zddu-5kas", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30104", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.303", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3729" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712" }, { "reference_url": "https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3729", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3729" }, { "reference_url": "https://github.com/advisories/GHSA-gp6w-ccqv-p7qr", "reference_id": "GHSA-gp6w-ccqv-p7qr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gp6w-ccqv-p7qr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382849?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0" } ], "aliases": [ "CVE-2021-3729", "GHSA-gp6w-ccqv-p7qr" ], "risk_score": 3.1, 
"exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xt2-zddu-5kas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343237?format=api", "vulnerability_id": "VCID-6hv4-rqcv-qbcy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29186", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29386", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3728" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e" }, { "reference_url": "https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3728", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3728" }, { "reference_url": "https://github.com/advisories/GHSA-xp5q-77mh-6hm2", "reference_id": "GHSA-xp5q-77mh-6hm2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp5q-77mh-6hm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382849?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0" } ], "aliases": [ "CVE-2021-3728", "GHSA-xp5q-77mh-6hm2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hv4-rqcv-qbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210553?format=api", 
"vulnerability_id": "VCID-8wzk-5ezx-67ff", "summary": "Unrestricted File Upload vulnerability in Firefly III", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47209", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47069", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3846" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b" }, { "reference_url": "https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3846", "reference_id": "CVE-2021-3846", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3846" }, { "reference_url": "https://github.com/advisories/GHSA-5gq7-826w-8282", "reference_id": "GHSA-5gq7-826w-8282", "reference_type": "", "scores": [ { 
"value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5gq7-826w-8282" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23721?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2" } ], "aliases": [ "CVE-2021-3846", "GHSA-5gq7-826w-8282" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wzk-5ezx-67ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206582?format=api", "vulnerability_id": "VCID-aftu-kqp2-c3b5", "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30319", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30124", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3921" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684" }, { "reference_url": "https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3921", "reference_id": "CVE-2021-3921", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3921" }, { "reference_url": "https://github.com/advisories/GHSA-q2cv-94xm-qvg4", "reference_id": "GHSA-q2cv-94xm-qvg4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2cv-94xm-qvg4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18016?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.3", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3" } ], "aliases": [ "CVE-2021-3921", "GHSA-q2cv-94xm-qvg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aftu-kqp2-c3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206914?format=api", "vulnerability_id": "VCID-axhd-n35q-f7gd", "summary": "Cross Site Request Forgery in firefly-iii", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37002", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36825", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4005" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053" }, { "reference_url": "https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4005", "reference_id": "CVE-2021-4005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4005" }, { "reference_url": "https://github.com/advisories/GHSA-hjhp-hwfj-hwf3", "reference_id": "GHSA-hjhp-hwfj-hwf3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjhp-hwfj-hwf3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18182?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5" } ], "aliases": [ "CVE-2021-4005", "GHSA-hjhp-hwfj-hwf3" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axhd-n35q-f7gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211669?format=api", "vulnerability_id": "VCID-ceuu-cq6q-yke3", "summary": "C5 Firefly III CSV Injection.", "references": [ { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/advisories/GHSA-29w6-c52g-m8jc", "reference_id": "GHSA-29w6-c52g-m8jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29w6-c52g-m8jc" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc", "reference_id": "GHSA-29w6-c52g-m8jc", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28667?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kg26-nm7m-zyhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7" } ], "aliases": [ "GHSA-29w6-c52g-m8jc", "GMS-2024-52" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ceuu-cq6q-yke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343212?format=api", "vulnerability_id": "VCID-dx84-whcp-c3dd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36676", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36855", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3663" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13" }, { "reference_url": "https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3663", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3663" }, { "reference_url": "https://github.com/advisories/GHSA-56cx-wf47-hx7w", "reference_id": "GHSA-56cx-wf47-hx7w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-56cx-wf47-hx7w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382953?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xt2-zddu-5kas" }, { "vulnerability": "VCID-6hv4-rqcv-qbcy" }, { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-fpjt-5gb4-9fcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { 
"vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/510829?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xt2-zddu-5kas" }, { "vulnerability": "VCID-6hv4-rqcv-qbcy" }, { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-fpjt-5gb4-9fcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1" } ], "aliases": [ "CVE-2021-3663", "GHSA-56cx-wf47-hx7w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx84-whcp-c3dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62348?format=api", "vulnerability_id": "VCID-et4h-x9fk-93fv", "summary": "Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31777", "published_at": 
"2026-06-11T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31965", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22075" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21" }, { "reference_url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22075", "reference_id": "CVE-2024-22075", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22075" }, { "reference_url": 
"https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/", "reference_id": "front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/" } ], "url": "https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/" }, { "reference_url": "https://github.com/advisories/GHSA-vwv2-9wcj-64vx", "reference_id": "GHSA-vwv2-9wcj-64vx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwv2-9wcj-64vx" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1", "reference_id": "v6.1.1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/" } ], "url": "https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28277?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1" } ], "aliases": [ 
"CVE-2024-22075", "GHSA-vwv2-9wcj-64vx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-et4h-x9fk-93fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343277?format=api", "vulnerability_id": "VCID-f5bt-361e-cfcg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3404", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34216", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3819" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9" }, { "reference_url": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } 
], "url": "https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3819", "reference_id": "CVE-2021-3819", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3819" }, { "reference_url": "https://github.com/advisories/GHSA-356r-77q8-f64f", "reference_id": "GHSA-356r-77q8-f64f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-356r-77q8-f64f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382494?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1" } ], "aliases": [ "CVE-2021-3819", "GHSA-356r-77q8-f64f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5bt-361e-cfcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343239?format=api", "vulnerability_id": "VCID-fpjt-5gb4-9fcg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", 
"scoring_system": "epss", "scoring_elements": "0.29186", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29386", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3730" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6" }, { "reference_url": "https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3730", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3730" }, { "reference_url": 
"https://github.com/advisories/GHSA-c676-mcw3-qg55", "reference_id": "GHSA-c676-mcw3-qg55", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c676-mcw3-qg55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382849?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0" } ], "aliases": [ "CVE-2021-3730", "GHSA-c676-mcw3-qg55" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpjt-5gb4-9fcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343308?format=api", "vulnerability_id": "VCID-jb3r-4ser-xye4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47084", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47224", "published_at": "2026-06-12T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-3900" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635" }, { "reference_url": "https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3900", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3900" }, { "reference_url": "https://github.com/advisories/GHSA-pfj7-w373-gqch", "reference_id": "GHSA-pfj7-w373-gqch", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-pfj7-w373-gqch" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3900", "GHSA-pfj7-w373-gqch" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jb3r-4ser-xye4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45371?format=api", "vulnerability_id": "VCID-kg26-nm7m-zyhs", "summary": "Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password. This problem has been patched in Firefly III v6.1.17 and up. Users are advised to upgrade. Users unable to upgrade should Use a unique password for their Firefly III instance and store their password securely, i.e. 
in a password manager.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08491", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08452", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37893" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37893", "reference_id": "CVE-2024-37893", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37893" }, { "reference_url": "https://github.com/advisories/GHSA-4gm4-c4mh-4p7w", "reference_id": "GHSA-4gm4-c4mh-4p7w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4gm4-c4mh-4p7w" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w", "reference_id": "GHSA-4gm4-c4mh-4p7w", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/" } ], "url": "https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w" }, { "reference_url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass", "reference_id": "mfa-bypass", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/" } ], "url": "https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass" }, { "reference_url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack", "reference_id": "Password_Spraying_Attack", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/" } ], "url": "https://owasp.org/www-community/attacks/Password_Spraying_Attack" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32226?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.1.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17" } ], "aliases": [ "CVE-2024-37893", "GHSA-4gm4-c4mh-4p7w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg26-nm7m-zyhs" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/148463?format=api", "vulnerability_id": "VCID-kqnc-x9a5-ruef", "summary": "Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37497", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3732", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0298" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0298", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0298" }, { "reference_url": "https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed", "reference_id": "9689052c-c1d7-4aae-aa08-346c9b6e04ed", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/" } ], "url": "https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4", "reference_id": "db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4" }, { "reference_url": "https://github.com/advisories/GHSA-7mc4-jp4f-v2j2", "reference_id": "GHSA-7mc4-jp4f-v2j2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mc4-jp4f-v2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380034?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0" } ], "aliases": [ "CVE-2023-0298", "GHSA-7mc4-jp4f-v2j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kqnc-x9a5-ruef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144776?format=api", "vulnerability_id": "VCID-nhe3-4cuv-w3ba", "summary": "Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 
6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45637", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45489", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1788" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1788", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1788" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30", "reference_id": "68f398f97cbe1870fc098d8460bf903b9c3fab30", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30" }, { 
"reference_url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2", "reference_id": "79323c9e-e0e5-48ef-bd19-d0b09587ccb2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/" } ], "url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2" }, { "reference_url": "https://github.com/advisories/GHSA-h7vv-46p5-prmh", "reference_id": "GHSA-h7vv-46p5-prmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7vv-46p5-prmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379462?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0" } ], "aliases": [ "CVE-2023-1788", "GHSA-h7vv-46p5-prmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe3-4cuv-w3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206784?format=api", "vulnerability_id": "VCID-q8k2-nnwd-huhr", "summary": "firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-4015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37002", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36825", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4015" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5" }, { "reference_url": "https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4015", "reference_id": "CVE-2021-4015", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4015" }, { "reference_url": "https://github.com/advisories/GHSA-g6vq-wc8w-4g69", "reference_id": "GHSA-g6vq-wc8w-4g69", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g6vq-wc8w-4g69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/391948?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/18182?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5" } ], "aliases": [ "CVE-2021-4015", "GHSA-g6vq-wc8w-4g69" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8k2-nnwd-huhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343296?format=api", "vulnerability_id": "VCID-rghf-vdbq-rqhv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37903", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38079", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3851" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d" }, { "reference_url": "https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3851" }, { "reference_url": "https://github.com/advisories/GHSA-5fvx-5p2r-4mvp", "reference_id": "GHSA-5fvx-5p2r-4mvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fvx-5p2r-4mvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23721?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2" } ], "aliases": [ "CVE-2021-3851", "GHSA-5fvx-5p2r-4mvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rghf-vdbq-rqhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/364451?format=api", 
"vulnerability_id": "VCID-rgkb-gfjh-g7gd", "summary": "Cross-site Scripting\nAn XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.", "references": [ { "reference_url": "https://github.com/firefly-iii/firefly-iii/issues/3990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/firefly-iii/firefly-iii/issues/3990" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27981", "reference_id": "CVE-2020-27981", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510812?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xt2-zddu-5kas" }, { "vulnerability": "VCID-6hv4-rqcv-qbcy" }, { "vulnerability": "VCID-8wzk-5ezx-67ff" }, { "vulnerability": "VCID-aftu-kqp2-c3b5" }, { "vulnerability": "VCID-axhd-n35q-f7gd" }, { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-dx84-whcp-c3dd" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-f5bt-361e-cfcg" }, { "vulnerability": "VCID-fpjt-5gb4-9fcg" }, { "vulnerability": "VCID-jb3r-4ser-xye4" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" }, { "vulnerability": "VCID-q8k2-nnwd-huhr" }, { "vulnerability": "VCID-rghf-vdbq-rqhv" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" }, { "vulnerability": "VCID-y2tf-dy3a-4kgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5" } ], "aliases": [ "CVE-2020-27981" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkb-gfjh-g7gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144394?format=api", "vulnerability_id": "VCID-sw17-s2cs-q7gp", "summary": "Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40778", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.4061", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1789" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/pull/7043", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/pull/7043" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1789" }, { "reference_url": 
"https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d", "reference_id": "2c3489f7-6b84-48f8-9368-9cea67cf373d", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/" } ], "url": "https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5", "reference_id": "6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5" }, { "reference_url": "https://github.com/advisories/GHSA-mwxw-hxvp-4r2r", "reference_id": "GHSA-mwxw-hxvp-4r2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwxw-hxvp-4r2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/393176?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@5.7.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { 
"vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-kqnc-x9a5-ruef" }, { "vulnerability": "VCID-nhe3-4cuv-w3ba" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/379462?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" }, { "vulnerability": "VCID-sw17-s2cs-q7gp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/393177?format=api", "purl": "pkg:composer/grumpydictator/firefly-iii@6.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ceuu-cq6q-yke3" }, { "vulnerability": "VCID-et4h-x9fk-93fv" }, { "vulnerability": "VCID-kg26-nm7m-zyhs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1" } ], "aliases": [ "CVE-2023-1789", "GHSA-mwxw-hxvp-4r2r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw17-s2cs-q7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/343309?format=api", "vulnerability_id": "VCID-y2tf-dy3a-4kgf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23692", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23888", "published_at": "2026-06-12T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-3901" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii" }, { "reference_url": "https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2" }, { "reference_url": "https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3901", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3901" }, { "reference_url": "https://github.com/advisories/GHSA-rqgp-ccph-5w65", "reference_id": "GHSA-rqgp-ccph-5w65", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqgp-ccph-5w65" } ], 
"fixed_packages": [], "aliases": [ "CVE-2021-3901", "GHSA-rqgp-ccph-5w65" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2tf-dy3a-4kgf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.2.0-alpha.1" }