Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/snipe/snipe-it@5.0.1
Typecomposer
Namespacesnipe
Namesnipe-it
Version5.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.4.1
Latest_non_vulnerable_version8.4.1
Affected_by_vulnerabilities
0
url VCID-14bz-dte7-juay
vulnerability_id VCID-14bz-dte7-juay
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3863
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47133
published_at 2026-06-11T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47274
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3863
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/fc5efd857f61f7e45c61db567bb66612bcb53128
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/fc5efd857f61f7e45c61db567bb66612bcb53128
3
reference_url https://github.com/snipe/snipe-it/releases/tag/v5.3.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v5.3.0
4
reference_url https://huntr.dev/bounties/1dbc8d79-1b53-44a3-a576-faec78f29ba0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/1dbc8d79-1b53-44a3-a576-faec78f29ba0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3863
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3863
6
reference_url https://github.com/advisories/GHSA-5rg2-6qr5-2xp8
reference_id GHSA-5rg2-6qr5-2xp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rg2-6qr5-2xp8
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.0
purl pkg:composer/snipe/snipe-it@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-2mpv-u96h-a7dm
4
vulnerability VCID-3amw-v6wf-8yg7
5
vulnerability VCID-3jws-ajsq-v7eq
6
vulnerability VCID-4n88-ybjw-bqdk
7
vulnerability VCID-6hks-9uk3-23at
8
vulnerability VCID-6zw4-uug8-yfd9
9
vulnerability VCID-7d3x-8s7g-ykds
10
vulnerability VCID-7gkx-ws2v-hyd7
11
vulnerability VCID-7kdb-yy6k-ebd1
12
vulnerability VCID-8yxm-uj2h-rufj
13
vulnerability VCID-925h-gz4a-xqf2
14
vulnerability VCID-b1qv-6g2z-x7b2
15
vulnerability VCID-c3sg-db87-9ff8
16
vulnerability VCID-d9f2-h26a-dyam
17
vulnerability VCID-dvgd-81c2-e3ee
18
vulnerability VCID-ejxc-gtuk-fyfx
19
vulnerability VCID-f2cp-ca22-gba8
20
vulnerability VCID-fa65-f6am-efgj
21
vulnerability VCID-hmss-qvuy-rfcx
22
vulnerability VCID-m4sh-qung-vfbq
23
vulnerability VCID-mfeg-t1ta-a3ck
24
vulnerability VCID-nddv-x2uq-vyeu
25
vulnerability VCID-pqxq-5v7x-rydd
26
vulnerability VCID-q6b1-jhef-8fap
27
vulnerability VCID-qq58-u49k-ybgk
28
vulnerability VCID-qy5r-zztu-qubx
29
vulnerability VCID-qyeh-yjgg-zfdf
30
vulnerability VCID-ry56-8zuz-3bda
31
vulnerability VCID-ssbq-f1d6-m7bh
32
vulnerability VCID-sw8p-bapa-sbc8
33
vulnerability VCID-sx4p-2hvz-eue4
34
vulnerability VCID-uksu-hbtt-6qdk
35
vulnerability VCID-urgt-uz5n-zyds
36
vulnerability VCID-v3vx-zast-efeg
37
vulnerability VCID-w4pf-389e-gudt
38
vulnerability VCID-wcjg-sccj-zugf
39
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.0
aliases CVE-2021-3863, GHSA-5rg2-6qr5-2xp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14bz-dte7-juay
1
url VCID-182g-yzu7-57ch
vulnerability_id VCID-182g-yzu7-57ch
summary Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06967
published_at 2026-06-11T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06996
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
1
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
2
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
4
reference_url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
reference_id GHSA-fww5-m9wc-jcjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
5
reference_url http://snipeitapp.com
reference_id snipeitapp.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url http://snipeitapp.com
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3amw-v6wf-8yg7
1
vulnerability VCID-3jws-ajsq-v7eq
2
vulnerability VCID-7d3x-8s7g-ykds
3
vulnerability VCID-b1qv-6g2z-x7b2
4
vulnerability VCID-ry56-8zuz-3bda
5
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65621, GHSA-fww5-m9wc-jcjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-182g-yzu7-57ch
2
url VCID-1aq3-9h3n-myct
vulnerability_id VCID-1aq3-9h3n-myct
summary Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54303
published_at 2026-06-11T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.54428
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
3
reference_url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
reference_id CVE-2024-51093
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T18:08:52Z/
url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
4
reference_url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
reference_id GHSA-hw9x-8m75-4vjq
reference_type
scores
url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
fixed_packages
aliases CVE-2024-51093, GHSA-hw9x-8m75-4vjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1aq3-9h3n-myct
3
url VCID-1thr-9zfa-1yhp
vulnerability_id VCID-1thr-9zfa-1yhp
summary Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51878
published_at 2026-06-12T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51749
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
2
reference_url https://github.com/grokability/snipe-it/pull/16672
reference_id 16672
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/pull/16672
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
reference_id CVE-2025-47226
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
4
reference_url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
reference_id GHSA-h3vp-qwmx-5j25
reference_type
scores
url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
5
reference_url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
reference_id idor-exploit.md
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
6
reference_url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
reference_id v8.0.4...v8.1.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
7
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
reference_id v8.1.0
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.0
purl pkg:composer/snipe/snipe-it@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-4n88-ybjw-bqdk
4
vulnerability VCID-7d3x-8s7g-ykds
5
vulnerability VCID-7gkx-ws2v-hyd7
6
vulnerability VCID-b1qv-6g2z-x7b2
7
vulnerability VCID-ejxc-gtuk-fyfx
8
vulnerability VCID-ry56-8zuz-3bda
9
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.0
aliases CVE-2025-47226, GHSA-h3vp-qwmx-5j25
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1thr-9zfa-1yhp
4
url VCID-2mpv-u96h-a7dm
vulnerability_id VCID-2mpv-u96h-a7dm
summary Server-Side Request Forgery in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4075
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51297
published_at 2026-06-12T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4075
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/4612b9e711b3ff5d2bcddbec5b18866d25f8e34e
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/4612b9e711b3ff5d2bcddbec5b18866d25f8e34e
3
reference_url https://huntr.dev/bounties/4386fd8b-8c80-42bb-87b8-b506c46597de
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4386fd8b-8c80-42bb-87b8-b506c46597de
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4075
reference_id CVE-2021-4075
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4075
5
reference_url https://github.com/advisories/GHSA-553q-hpvp-q8pc
reference_id GHSA-553q-hpvp-q8pc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-553q-hpvp-q8pc
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.0-GM
purl pkg:composer/snipe/snipe-it@6.0.0-GM
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-GM
aliases CVE-2021-4075, GHSA-553q-hpvp-q8pc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mpv-u96h-a7dm
5
url VCID-3amw-v6wf-8yg7
vulnerability_id VCID-3amw-v6wf-8yg7
summary Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page. NOTE: this is disputed by the Supplier because the report only demonstrates that an authenticated user can choose to conduct a man-in-the-middle attack against himself.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02114
published_at 2026-06-12T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
1
reference_url https://github.com/cybercrewinc/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cybercrewinc/CVE-2025-64027
2
reference_url https://github.com/cybercrewinc/CVE-2025-64027/
reference_id CVE-2025-64027
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/cybercrewinc/CVE-2025-64027/
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
4
reference_url https://github.com/advisories/GHSA-8x9v-8qgj-945x
reference_id GHSA-8x9v-8qgj-945x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x9v-8qgj-945x
5
reference_url https://github.com/grokability/snipe-it
reference_id snipe-it
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/grokability/snipe-it
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.5
purl pkg:composer/snipe/snipe-it@8.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jws-ajsq-v7eq
1
vulnerability VCID-7d3x-8s7g-ykds
2
vulnerability VCID-b1qv-6g2z-x7b2
3
vulnerability VCID-ry56-8zuz-3bda
4
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.5
aliases CVE-2025-64027, GHSA-8x9v-8qgj-945x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3amw-v6wf-8yg7
6
url VCID-3jws-ajsq-v7eq
vulnerability_id VCID-3jws-ajsq-v7eq
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0209
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02094
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
2
reference_url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
reference_id e37649212861a337e68a624e589c3540b7a82373
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
3
reference_url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44833, GHSA-mghp-5cq4-v6mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jws-ajsq-v7eq
7
url VCID-4n88-ybjw-bqdk
vulnerability_id VCID-4n88-ybjw-bqdk
summary Snipe-IT before 8.1.18 allows unsafe deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12084
published_at 2026-06-12T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11991
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
2
reference_url https://github.com/advisories/GHSA-phwj-fgch-xvrj
reference_id GHSA-phwj-fgch-xvrj
reference_type
scores
url https://github.com/advisories/GHSA-phwj-fgch-xvrj
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id v8.1.18
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T13:49:18Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-7d3x-8s7g-ykds
4
vulnerability VCID-7gkx-ws2v-hyd7
5
vulnerability VCID-b1qv-6g2z-x7b2
6
vulnerability VCID-ry56-8zuz-3bda
7
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59713, GHSA-phwj-fgch-xvrj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n88-ybjw-bqdk
8
url VCID-6hks-9uk3-23at
vulnerability_id VCID-6hks-9uk3-23at
summary Insufficient Session Expiration in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2997
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58157
published_at 2026-06-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58044
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2997
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1
3
reference_url https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2997
reference_id CVE-2022-2997
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2997
5
reference_url https://github.com/advisories/GHSA-cmxc-9ghj-jp87
reference_id GHSA-cmxc-9ghj-jp87
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmxc-9ghj-jp87
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.10
purl pkg:composer/snipe/snipe-it@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-925h-gz4a-xqf2
11
vulnerability VCID-b1qv-6g2z-x7b2
12
vulnerability VCID-ejxc-gtuk-fyfx
13
vulnerability VCID-hmss-qvuy-rfcx
14
vulnerability VCID-mfeg-t1ta-a3ck
15
vulnerability VCID-ry56-8zuz-3bda
16
vulnerability VCID-uksu-hbtt-6qdk
17
vulnerability VCID-v3vx-zast-efeg
18
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.10
aliases CVE-2022-2997, GHSA-cmxc-9ghj-jp87
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hks-9uk3-23at
9
url VCID-6zw4-uug8-yfd9
vulnerability_id VCID-6zw4-uug8-yfd9
summary Improper Access Control in snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0178
reference_id
reference_type
scores
0
value 0.00213
scoring_system epss
scoring_elements 0.44016
published_at 2026-06-12T12:55:00Z
1
value 0.00213
scoring_system epss
scoring_elements 0.43861
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0178
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
3
reference_url https://github.com/snipe/snipe-it/commit/512dbfee7acfcafa1524c8b2fb4cc4ef96958d0b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/512dbfee7acfcafa1524c8b2fb4cc4ef96958d0b
4
reference_url https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0178
reference_id CVE-2022-0178
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0178
6
reference_url https://github.com/advisories/GHSA-xc47-3rch-cv57
reference_id GHSA-xc47-3rch-cv57
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc47-3rch-cv57
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.8
purl pkg:composer/snipe/snipe-it@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-d9f2-h26a-dyam
15
vulnerability VCID-ejxc-gtuk-fyfx
16
vulnerability VCID-f2cp-ca22-gba8
17
vulnerability VCID-hmss-qvuy-rfcx
18
vulnerability VCID-mfeg-t1ta-a3ck
19
vulnerability VCID-nddv-x2uq-vyeu
20
vulnerability VCID-qq58-u49k-ybgk
21
vulnerability VCID-qy5r-zztu-qubx
22
vulnerability VCID-qyeh-yjgg-zfdf
23
vulnerability VCID-ry56-8zuz-3bda
24
vulnerability VCID-ssbq-f1d6-m7bh
25
vulnerability VCID-uksu-hbtt-6qdk
26
vulnerability VCID-urgt-uz5n-zyds
27
vulnerability VCID-v3vx-zast-efeg
28
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.8
aliases CVE-2022-0178, GHSA-xc47-3rch-cv57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6zw4-uug8-yfd9
10
url VCID-7d3x-8s7g-ykds
vulnerability_id VCID-7d3x-8s7g-ykds
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01991
published_at 2026-06-11T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.01994
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
2
reference_url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
reference_id 28f493d84d057895fbb93b6570e7393a2c2fa438
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
3
reference_url https://github.com/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r42m-953q-6vjx
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44831, GHSA-r42m-953q-6vjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d3x-8s7g-ykds
11
url VCID-7gkx-ws2v-hyd7
vulnerability_id VCID-7gkx-ws2v-hyd7
summary Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.0774
published_at 2026-06-12T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07704
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
1
reference_url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
3
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
5
reference_url https://github.com/advisories/GHSA-4g25-wj72-chxg
reference_id GHSA-4g25-wj72-chxg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g25-wj72-chxg
6
reference_url http://snipeitapp.com
reference_id snipeitapp.com
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url http://snipeitapp.com
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3amw-v6wf-8yg7
1
vulnerability VCID-3jws-ajsq-v7eq
2
vulnerability VCID-7d3x-8s7g-ykds
3
vulnerability VCID-b1qv-6g2z-x7b2
4
vulnerability VCID-ry56-8zuz-3bda
5
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65622, GHSA-4g25-wj72-chxg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkx-ws2v-hyd7
12
url VCID-7kdb-yy6k-ebd1
vulnerability_id VCID-7kdb-yy6k-ebd1
summary Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29679
published_at 2026-06-12T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29478
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
3
reference_url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
reference_id 43206801-9862-48da-b379-e55e341d78bf
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
4
reference_url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
reference_id 6d55d782806c9660e9e65dc5250faacb5d0033ed
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
5
reference_url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
reference_id GHSA-33vj-r6p6-x4p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.3
purl pkg:composer/snipe/snipe-it@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-8yxm-uj2h-rufj
9
vulnerability VCID-b1qv-6g2z-x7b2
10
vulnerability VCID-ejxc-gtuk-fyfx
11
vulnerability VCID-ry56-8zuz-3bda
12
vulnerability VCID-uksu-hbtt-6qdk
13
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.3
aliases CVE-2023-5511, GHSA-33vj-r6p6-x4p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kdb-yy6k-ebd1
13
url VCID-8yxm-uj2h-rufj
vulnerability_id VCID-8yxm-uj2h-rufj
summary Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
reference_id
reference_type
scores
0
value 0.02734
scoring_system epss
scoring_elements 0.86286
published_at 2026-06-11T12:55:00Z
1
value 0.02734
scoring_system epss
scoring_elements 0.86337
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://snipe-it.readme.io/docs/key-rotation
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipe-it.readme.io/docs/key-rotation
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
reference_id CVE-2024-48987
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
4
reference_url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
reference_id GHSA-57qh-vmjr-5jxg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
5
reference_url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
reference_id snipe-it-unauthenticated-remote-command-execution-when-appkey-known
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
6
reference_url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
reference_id v7.0.10
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
fixed_packages
0
url pkg:composer/snipe/snipe-it@7.0.10
purl pkg:composer/snipe/snipe-it@7.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-b1qv-6g2z-x7b2
9
vulnerability VCID-ejxc-gtuk-fyfx
10
vulnerability VCID-ry56-8zuz-3bda
11
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@7.0.10
aliases CVE-2024-48987, GHSA-57qh-vmjr-5jxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8yxm-uj2h-rufj
14
url VCID-925h-gz4a-xqf2
vulnerability_id VCID-925h-gz4a-xqf2
summary snipe-it vulnerable to cross-site scripting (XSS)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3035
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49459
published_at 2026-06-12T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.49322
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3035
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae
3
reference_url https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3035
reference_id CVE-2022-3035
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3035
5
reference_url https://github.com/advisories/GHSA-rff2-vqm3-jpv5
reference_id GHSA-rff2-vqm3-jpv5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rff2-vqm3-jpv5
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.11
purl pkg:composer/snipe/snipe-it@6.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-hmss-qvuy-rfcx
13
vulnerability VCID-mfeg-t1ta-a3ck
14
vulnerability VCID-ry56-8zuz-3bda
15
vulnerability VCID-uksu-hbtt-6qdk
16
vulnerability VCID-v3vx-zast-efeg
17
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.11
aliases CVE-2022-3035, GHSA-rff2-vqm3-jpv5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-925h-gz4a-xqf2
15
url VCID-b1qv-6g2z-x7b2
vulnerability_id VCID-b1qv-6g2z-x7b2
summary Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08709
published_at 2026-06-12T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08667
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
1
reference_url https://snipeitapp.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipeitapp.com
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
reference_id CVE-2025-15602
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
3
reference_url https://github.com/advisories/GHSA-5448-v74m-7mv7
reference_id GHSA-5448-v74m-7mv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5448-v74m-7mv7
4
reference_url https://snipeitapp.com/
reference_id snipeitapp.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://snipeitapp.com/
5
reference_url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_id snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
6
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
reference_id v8.3.7
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.7
purl pkg:composer/snipe/snipe-it@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jws-ajsq-v7eq
1
vulnerability VCID-7d3x-8s7g-ykds
2
vulnerability VCID-ry56-8zuz-3bda
3
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.7
aliases CVE-2025-15602, GHSA-5448-v74m-7mv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1qv-6g2z-x7b2
16
url VCID-c3sg-db87-9ff8
vulnerability_id VCID-c3sg-db87-9ff8
summary Cross-site Scripting in snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1380
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48572
published_at 2026-06-12T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48435
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1380
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9
3
reference_url https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1380
reference_id CVE-2022-1380
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1380
5
reference_url https://github.com/advisories/GHSA-p885-prv3-m4xv
reference_id GHSA-p885-prv3-m4xv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p885-prv3-m4xv
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.4.3
purl pkg:composer/snipe/snipe-it@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-f2cp-ca22-gba8
15
vulnerability VCID-hmss-qvuy-rfcx
16
vulnerability VCID-mfeg-t1ta-a3ck
17
vulnerability VCID-ry56-8zuz-3bda
18
vulnerability VCID-ssbq-f1d6-m7bh
19
vulnerability VCID-uksu-hbtt-6qdk
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.3
aliases CVE-2022-1380, GHSA-p885-prv3-m4xv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3sg-db87-9ff8
17
url VCID-d9f2-h26a-dyam
vulnerability_id VCID-d9f2-h26a-dyam
summary Exposure of Sensitive Information in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0569
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.58394
published_at 2026-06-12T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58281
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0569
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09
3
reference_url https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0569
reference_id CVE-2022-0569
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0569
5
reference_url https://github.com/advisories/GHSA-qpv2-jxc7-3638
reference_id GHSA-qpv2-jxc7-3638
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpv2-jxc7-3638
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.10
purl pkg:composer/snipe/snipe-it@5.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-nddv-x2uq-vyeu
19
vulnerability VCID-qq58-u49k-ybgk
20
vulnerability VCID-qyeh-yjgg-zfdf
21
vulnerability VCID-ry56-8zuz-3bda
22
vulnerability VCID-ssbq-f1d6-m7bh
23
vulnerability VCID-uksu-hbtt-6qdk
24
vulnerability VCID-v3vx-zast-efeg
25
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.10
aliases CVE-2022-0569, GHSA-qpv2-jxc7-3638
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d9f2-h26a-dyam
18
url VCID-dvgd-81c2-e3ee
vulnerability_id VCID-dvgd-81c2-e3ee
summary Incorrect Default Permissions and Improper Access Control in snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0179
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44976
published_at 2026-06-12T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.44825
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0179
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e
3
reference_url https://github.com/snipe/snipe-it/pull/10498
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/pull/10498
4
reference_url https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0179
reference_id CVE-2022-0179
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0179
6
reference_url https://github.com/advisories/GHSA-w3v3-cxq5-9vr4
reference_id GHSA-w3v3-cxq5-9vr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w3v3-cxq5-9vr4
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.7
purl pkg:composer/snipe/snipe-it@5.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-6zw4-uug8-yfd9
8
vulnerability VCID-7d3x-8s7g-ykds
9
vulnerability VCID-7gkx-ws2v-hyd7
10
vulnerability VCID-7kdb-yy6k-ebd1
11
vulnerability VCID-8yxm-uj2h-rufj
12
vulnerability VCID-925h-gz4a-xqf2
13
vulnerability VCID-b1qv-6g2z-x7b2
14
vulnerability VCID-c3sg-db87-9ff8
15
vulnerability VCID-d9f2-h26a-dyam
16
vulnerability VCID-ejxc-gtuk-fyfx
17
vulnerability VCID-f2cp-ca22-gba8
18
vulnerability VCID-hmss-qvuy-rfcx
19
vulnerability VCID-mfeg-t1ta-a3ck
20
vulnerability VCID-nddv-x2uq-vyeu
21
vulnerability VCID-pqxq-5v7x-rydd
22
vulnerability VCID-qq58-u49k-ybgk
23
vulnerability VCID-qy5r-zztu-qubx
24
vulnerability VCID-qyeh-yjgg-zfdf
25
vulnerability VCID-ry56-8zuz-3bda
26
vulnerability VCID-ssbq-f1d6-m7bh
27
vulnerability VCID-uksu-hbtt-6qdk
28
vulnerability VCID-urgt-uz5n-zyds
29
vulnerability VCID-v3vx-zast-efeg
30
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.7
aliases CVE-2022-0179, GHSA-w3v3-cxq5-9vr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvgd-81c2-e3ee
19
url VCID-ejxc-gtuk-fyfx
vulnerability_id VCID-ejxc-gtuk-fyfx
summary Snipe-IT before 8.1.18 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01589
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01587
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
2
reference_url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
reference_id GHSA-c9wp-pr7f-hfqm
reference_type
scores
url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id v8.1.18
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-19T13:49:48Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-3amw-v6wf-8yg7
2
vulnerability VCID-3jws-ajsq-v7eq
3
vulnerability VCID-7d3x-8s7g-ykds
4
vulnerability VCID-7gkx-ws2v-hyd7
5
vulnerability VCID-b1qv-6g2z-x7b2
6
vulnerability VCID-ry56-8zuz-3bda
7
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59712, GHSA-c9wp-pr7f-hfqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejxc-gtuk-fyfx
20
url VCID-f2cp-ca22-gba8
vulnerability_id VCID-f2cp-ca22-gba8
summary Improper Access Control in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1511
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.493
published_at 2026-06-12T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49163
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1511
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c
3
reference_url https://github.com/snipe/snipe-it/pull/10991
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/pull/10991
4
reference_url https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1511
reference_id CVE-2022-1511
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1511
6
reference_url https://github.com/advisories/GHSA-p2vw-f87c-q597
reference_id GHSA-p2vw-f87c-q597
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p2vw-f87c-q597
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.4.4
purl pkg:composer/snipe/snipe-it@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-v3vx-zast-efeg
20
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.4
1
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-1511, GHSA-p2vw-f87c-q597
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2cp-ca22-gba8
21
url VCID-fa65-f6am-efgj
vulnerability_id VCID-fa65-f6am-efgj
summary snipe-it is vulnerable to Cross-site Scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3938
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45655
published_at 2026-06-12T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45507
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3938
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/9ed1442bd124710f4178992cc4eca5236c7396b9
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/9ed1442bd124710f4178992cc4eca5236c7396b9
3
reference_url https://huntr.dev/bounties/198a0d67-9189-4170-809b-0f8aea43b063
reference_id
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/198a0d67-9189-4170-809b-0f8aea43b063
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3938
reference_id CVE-2021-3938
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3938
5
reference_url https://github.com/advisories/GHSA-2cqg-q7jm-j35c
reference_id GHSA-2cqg-q7jm-j35c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2cqg-q7jm-j35c
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.4.0
purl pkg:composer/snipe/snipe-it@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-qq58-u49k-ybgk
19
vulnerability VCID-ry56-8zuz-3bda
20
vulnerability VCID-ssbq-f1d6-m7bh
21
vulnerability VCID-uksu-hbtt-6qdk
22
vulnerability VCID-v3vx-zast-efeg
23
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.0
aliases CVE-2021-3938, GHSA-2cqg-q7jm-j35c
risk_score 1.8
exploitability 0.5
weighted_severity 3.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fa65-f6am-efgj
22
url VCID-fexj-7y7v-x7d3
vulnerability_id VCID-fexj-7y7v-x7d3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3879
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.64218
published_at 2026-06-11T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.6432
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3879
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/bda23bb1e66fd7ce42c75c69cf5eea4e80865c1c
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/bda23bb1e66fd7ce42c75c69cf5eea4e80865c1c
3
reference_url https://huntr.dev/bounties/6dccc49e-3843-4a4a-b397-5c659e5f8bfe
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/6dccc49e-3843-4a4a-b397-5c659e5f8bfe
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3879
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3879
5
reference_url https://github.com/advisories/GHSA-9g3v-j3cr-6fc6
reference_id GHSA-9g3v-j3cr-6fc6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9g3v-j3cr-6fc6
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.0
purl pkg:composer/snipe/snipe-it@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-2mpv-u96h-a7dm
4
vulnerability VCID-3amw-v6wf-8yg7
5
vulnerability VCID-3jws-ajsq-v7eq
6
vulnerability VCID-4n88-ybjw-bqdk
7
vulnerability VCID-6hks-9uk3-23at
8
vulnerability VCID-6zw4-uug8-yfd9
9
vulnerability VCID-7d3x-8s7g-ykds
10
vulnerability VCID-7gkx-ws2v-hyd7
11
vulnerability VCID-7kdb-yy6k-ebd1
12
vulnerability VCID-8yxm-uj2h-rufj
13
vulnerability VCID-925h-gz4a-xqf2
14
vulnerability VCID-b1qv-6g2z-x7b2
15
vulnerability VCID-c3sg-db87-9ff8
16
vulnerability VCID-d9f2-h26a-dyam
17
vulnerability VCID-dvgd-81c2-e3ee
18
vulnerability VCID-ejxc-gtuk-fyfx
19
vulnerability VCID-f2cp-ca22-gba8
20
vulnerability VCID-fa65-f6am-efgj
21
vulnerability VCID-hmss-qvuy-rfcx
22
vulnerability VCID-m4sh-qung-vfbq
23
vulnerability VCID-mfeg-t1ta-a3ck
24
vulnerability VCID-nddv-x2uq-vyeu
25
vulnerability VCID-pqxq-5v7x-rydd
26
vulnerability VCID-q6b1-jhef-8fap
27
vulnerability VCID-qq58-u49k-ybgk
28
vulnerability VCID-qy5r-zztu-qubx
29
vulnerability VCID-qyeh-yjgg-zfdf
30
vulnerability VCID-ry56-8zuz-3bda
31
vulnerability VCID-ssbq-f1d6-m7bh
32
vulnerability VCID-sw8p-bapa-sbc8
33
vulnerability VCID-sx4p-2hvz-eue4
34
vulnerability VCID-uksu-hbtt-6qdk
35
vulnerability VCID-urgt-uz5n-zyds
36
vulnerability VCID-v3vx-zast-efeg
37
vulnerability VCID-w4pf-389e-gudt
38
vulnerability VCID-wcjg-sccj-zugf
39
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.0
aliases CVE-2021-3879, GHSA-9g3v-j3cr-6fc6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fexj-7y7v-x7d3
23
url VCID-hmss-qvuy-rfcx
vulnerability_id VCID-hmss-qvuy-rfcx
summary Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.3
published_at 2026-06-12T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29802
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
3
reference_url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
reference_id d6ed5ac1-2ad6-45fd-9492-979820bf60c8
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
4
reference_url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
reference_id eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
5
reference_url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
reference_id GHSA-rr5c-69c9-gj9f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.2
purl pkg:composer/snipe/snipe-it@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-ry56-8zuz-3bda
13
vulnerability VCID-uksu-hbtt-6qdk
14
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.2
aliases CVE-2023-5452, GHSA-rr5c-69c9-gj9f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmss-qvuy-rfcx
24
url VCID-m4sh-qung-vfbq
vulnerability_id VCID-m4sh-qung-vfbq
summary Cross-site Scripting in snipe/snipe-it
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3961
reference_id
reference_type
scores
0
value 0.00326
scoring_system epss
scoring_elements 0.56081
published_at 2026-06-12T12:55:00Z
1
value 0.00326
scoring_system epss
scoring_elements 0.5596
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3961
1
reference_url https://github.com/snipe/snipe-it/commit/7ce5993f5ae9d713a0955c2fd8e2dff7a7ce886e
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/7ce5993f5ae9d713a0955c2fd8e2dff7a7ce886e
2
reference_url https://huntr.dev/bounties/5987aed5-6613-4937-8a3e-d48009b7da10
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5987aed5-6613-4937-8a3e-d48009b7da10
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3961
reference_id CVE-2021-3961
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3961
4
reference_url https://github.com/advisories/GHSA-c65v-p733-9796
reference_id GHSA-c65v-p733-9796
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c65v-p733-9796
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.2
purl pkg:composer/snipe/snipe-it@5.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-2mpv-u96h-a7dm
4
vulnerability VCID-3amw-v6wf-8yg7
5
vulnerability VCID-3jws-ajsq-v7eq
6
vulnerability VCID-4n88-ybjw-bqdk
7
vulnerability VCID-6hks-9uk3-23at
8
vulnerability VCID-6zw4-uug8-yfd9
9
vulnerability VCID-7d3x-8s7g-ykds
10
vulnerability VCID-7gkx-ws2v-hyd7
11
vulnerability VCID-7kdb-yy6k-ebd1
12
vulnerability VCID-8yxm-uj2h-rufj
13
vulnerability VCID-925h-gz4a-xqf2
14
vulnerability VCID-b1qv-6g2z-x7b2
15
vulnerability VCID-c3sg-db87-9ff8
16
vulnerability VCID-d9f2-h26a-dyam
17
vulnerability VCID-dvgd-81c2-e3ee
18
vulnerability VCID-ejxc-gtuk-fyfx
19
vulnerability VCID-f2cp-ca22-gba8
20
vulnerability VCID-hmss-qvuy-rfcx
21
vulnerability VCID-mfeg-t1ta-a3ck
22
vulnerability VCID-nddv-x2uq-vyeu
23
vulnerability VCID-pqxq-5v7x-rydd
24
vulnerability VCID-q6b1-jhef-8fap
25
vulnerability VCID-qq58-u49k-ybgk
26
vulnerability VCID-qy5r-zztu-qubx
27
vulnerability VCID-qyeh-yjgg-zfdf
28
vulnerability VCID-ry56-8zuz-3bda
29
vulnerability VCID-ssbq-f1d6-m7bh
30
vulnerability VCID-sw8p-bapa-sbc8
31
vulnerability VCID-sx4p-2hvz-eue4
32
vulnerability VCID-uksu-hbtt-6qdk
33
vulnerability VCID-urgt-uz5n-zyds
34
vulnerability VCID-v3vx-zast-efeg
35
vulnerability VCID-wcjg-sccj-zugf
36
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.2
aliases CVE-2021-3961, GHSA-c65v-p733-9796
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sh-qung-vfbq
25
url VCID-mfeg-t1ta-a3ck
vulnerability_id VCID-mfeg-t1ta-a3ck
summary Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44380
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46453
published_at 2026-06-12T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46307
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44380
1
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
2
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44380
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44380
4
reference_url https://github.com/advisories/GHSA-363q-j92x-7543
reference_id GHSA-363q-j92x-7543
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-363q-j92x-7543
5
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
reference_id multiple-vulnerabilities-in-snipe-it
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:22:03Z/
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.14
purl pkg:composer/snipe/snipe-it@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-b1qv-6g2z-x7b2
11
vulnerability VCID-ejxc-gtuk-fyfx
12
vulnerability VCID-hmss-qvuy-rfcx
13
vulnerability VCID-ry56-8zuz-3bda
14
vulnerability VCID-uksu-hbtt-6qdk
15
vulnerability VCID-v3vx-zast-efeg
16
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.14
aliases CVE-2022-44380, GHSA-363q-j92x-7543
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfeg-t1ta-a3ck
26
url VCID-nddv-x2uq-vyeu
vulnerability_id VCID-nddv-x2uq-vyeu
summary Improper Privilege Management in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0611
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53236
published_at 2026-06-12T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53108
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0611
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
3
reference_url https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0611
reference_id CVE-2022-0611
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0611
5
reference_url https://github.com/advisories/GHSA-j57w-3c39-gpp5
reference_id GHSA-j57w-3c39-gpp5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j57w-3c39-gpp5
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.11
purl pkg:composer/snipe/snipe-it@5.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.11
1
url pkg:composer/snipe/snipe-it@5.4.0
purl pkg:composer/snipe/snipe-it@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-qq58-u49k-ybgk
19
vulnerability VCID-ry56-8zuz-3bda
20
vulnerability VCID-ssbq-f1d6-m7bh
21
vulnerability VCID-uksu-hbtt-6qdk
22
vulnerability VCID-v3vx-zast-efeg
23
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.0
2
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-0611, GHSA-j57w-3c39-gpp5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nddv-x2uq-vyeu
27
url VCID-pqxq-5v7x-rydd
vulnerability_id VCID-pqxq-5v7x-rydd
summary snipe-IT vulnerable to host header injection
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23064
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63886
published_at 2026-06-12T12:55:00Z
1
value 0.00444
scoring_system epss
scoring_elements 0.63784
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23064
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23064
reference_id CVE-2022-23064
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23064
4
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064
reference_id CVE-2022-23064
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064
5
reference_url https://github.com/advisories/GHSA-9vh6-qfv6-vcqp
reference_id GHSA-9vh6-qfv6-vcqp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vh6-qfv6-vcqp
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.8
purl pkg:composer/snipe/snipe-it@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-d9f2-h26a-dyam
15
vulnerability VCID-ejxc-gtuk-fyfx
16
vulnerability VCID-f2cp-ca22-gba8
17
vulnerability VCID-hmss-qvuy-rfcx
18
vulnerability VCID-mfeg-t1ta-a3ck
19
vulnerability VCID-nddv-x2uq-vyeu
20
vulnerability VCID-qq58-u49k-ybgk
21
vulnerability VCID-qy5r-zztu-qubx
22
vulnerability VCID-qyeh-yjgg-zfdf
23
vulnerability VCID-ry56-8zuz-3bda
24
vulnerability VCID-ssbq-f1d6-m7bh
25
vulnerability VCID-uksu-hbtt-6qdk
26
vulnerability VCID-urgt-uz5n-zyds
27
vulnerability VCID-v3vx-zast-efeg
28
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.8
1
url pkg:composer/snipe/snipe-it@5.4.0
purl pkg:composer/snipe/snipe-it@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-qq58-u49k-ybgk
19
vulnerability VCID-ry56-8zuz-3bda
20
vulnerability VCID-ssbq-f1d6-m7bh
21
vulnerability VCID-uksu-hbtt-6qdk
22
vulnerability VCID-v3vx-zast-efeg
23
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.0
aliases CVE-2022-23064, GHSA-9vh6-qfv6-vcqp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqxq-5v7x-rydd
28
url VCID-q6b1-jhef-8fap
vulnerability_id VCID-q6b1-jhef-8fap
summary snipe-it is vulnerable to Cross-site Scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4108
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45593
published_at 2026-06-12T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45445
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4108
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/9d5d1a9f9aae2c8baee48551185da5de0cdb62c2
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/9d5d1a9f9aae2c8baee48551185da5de0cdb62c2
3
reference_url https://huntr.dev/bounties/5069a037-040e-4d77-8526-846e65edfaf4
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5069a037-040e-4d77-8526-846e65edfaf4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4108
reference_id CVE-2021-4108
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4108
5
reference_url https://github.com/advisories/GHSA-rxch-gp62-574w
reference_id GHSA-rxch-gp62-574w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxch-gp62-574w
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.5
purl pkg:composer/snipe/snipe-it@5.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-6zw4-uug8-yfd9
8
vulnerability VCID-7d3x-8s7g-ykds
9
vulnerability VCID-7gkx-ws2v-hyd7
10
vulnerability VCID-7kdb-yy6k-ebd1
11
vulnerability VCID-8yxm-uj2h-rufj
12
vulnerability VCID-925h-gz4a-xqf2
13
vulnerability VCID-b1qv-6g2z-x7b2
14
vulnerability VCID-c3sg-db87-9ff8
15
vulnerability VCID-d9f2-h26a-dyam
16
vulnerability VCID-dvgd-81c2-e3ee
17
vulnerability VCID-ejxc-gtuk-fyfx
18
vulnerability VCID-f2cp-ca22-gba8
19
vulnerability VCID-hmss-qvuy-rfcx
20
vulnerability VCID-mfeg-t1ta-a3ck
21
vulnerability VCID-nddv-x2uq-vyeu
22
vulnerability VCID-pqxq-5v7x-rydd
23
vulnerability VCID-qq58-u49k-ybgk
24
vulnerability VCID-qy5r-zztu-qubx
25
vulnerability VCID-qyeh-yjgg-zfdf
26
vulnerability VCID-ry56-8zuz-3bda
27
vulnerability VCID-ssbq-f1d6-m7bh
28
vulnerability VCID-uksu-hbtt-6qdk
29
vulnerability VCID-urgt-uz5n-zyds
30
vulnerability VCID-v3vx-zast-efeg
31
vulnerability VCID-wcjg-sccj-zugf
32
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.5
aliases CVE-2021-4108, GHSA-rxch-gp62-574w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6b1-jhef-8fap
29
url VCID-qq58-u49k-ybgk
vulnerability_id VCID-qq58-u49k-ybgk
summary Stored cross-site scripting in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1445
reference_id
reference_type
scores
0
value 0.0033
scoring_system epss
scoring_elements 0.56459
published_at 2026-06-12T12:55:00Z
1
value 0.0033
scoring_system epss
scoring_elements 0.5634
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1445
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41
3
reference_url https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1445
reference_id CVE-2022-1445
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1445
5
reference_url https://github.com/advisories/GHSA-hpx4-xjp7-m4vr
reference_id GHSA-hpx4-xjp7-m4vr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hpx4-xjp7-m4vr
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.4.3
purl pkg:composer/snipe/snipe-it@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-f2cp-ca22-gba8
15
vulnerability VCID-hmss-qvuy-rfcx
16
vulnerability VCID-mfeg-t1ta-a3ck
17
vulnerability VCID-ry56-8zuz-3bda
18
vulnerability VCID-ssbq-f1d6-m7bh
19
vulnerability VCID-uksu-hbtt-6qdk
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.3
aliases CVE-2022-1445, GHSA-hpx4-xjp7-m4vr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qq58-u49k-ybgk
30
url VCID-qy5r-zztu-qubx
vulnerability_id VCID-qy5r-zztu-qubx
summary Improper Privilege Management in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0579
reference_id
reference_type
scores
0
value 0.00303
scoring_system epss
scoring_elements 0.54129
published_at 2026-06-12T12:55:00Z
1
value 0.00303
scoring_system epss
scoring_elements 0.54004
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0579
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1
3
reference_url https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0579
reference_id CVE-2022-0579
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0579
5
reference_url https://github.com/advisories/GHSA-v6vg-pxvv-g5cq
reference_id GHSA-v6vg-pxvv-g5cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6vg-pxvv-g5cq
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.9
purl pkg:composer/snipe/snipe-it@5.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-d9f2-h26a-dyam
15
vulnerability VCID-ejxc-gtuk-fyfx
16
vulnerability VCID-f2cp-ca22-gba8
17
vulnerability VCID-hmss-qvuy-rfcx
18
vulnerability VCID-mfeg-t1ta-a3ck
19
vulnerability VCID-nddv-x2uq-vyeu
20
vulnerability VCID-qq58-u49k-ybgk
21
vulnerability VCID-qyeh-yjgg-zfdf
22
vulnerability VCID-ry56-8zuz-3bda
23
vulnerability VCID-ssbq-f1d6-m7bh
24
vulnerability VCID-uksu-hbtt-6qdk
25
vulnerability VCID-urgt-uz5n-zyds
26
vulnerability VCID-v3vx-zast-efeg
27
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.9
aliases CVE-2022-0579, GHSA-v6vg-pxvv-g5cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qy5r-zztu-qubx
31
url VCID-qyeh-yjgg-zfdf
vulnerability_id VCID-qyeh-yjgg-zfdf
summary Generation of Error Message Containing Sensitive Information in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0622
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.22031
published_at 2026-06-12T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21843
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0622
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2
3
reference_url https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0622
reference_id CVE-2022-0622
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0622
5
reference_url https://github.com/advisories/GHSA-pwwm-pwx2-2hw7
reference_id GHSA-pwwm-pwx2-2hw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pwwm-pwx2-2hw7
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.11
purl pkg:composer/snipe/snipe-it@5.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.11
1
url pkg:composer/snipe/snipe-it@6.0.0-RC-1
purl pkg:composer/snipe/snipe-it@6.0.0-RC-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-urgt-uz5n-zyds
20
vulnerability VCID-v3vx-zast-efeg
21
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-1
aliases CVE-2022-0622, GHSA-pwwm-pwx2-2hw7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyeh-yjgg-zfdf
32
url VCID-ry56-8zuz-3bda
vulnerability_id VCID-ry56-8zuz-3bda
summary Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
reference_id
reference_type
scores
0
value 0.00306
scoring_system epss
scoring_elements 0.54391
published_at 2026-06-12T12:55:00Z
1
value 0.00306
scoring_system epss
scoring_elements 0.54266
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
2
reference_url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
reference_id 676a9958895a77de340565e7a0b17ae744664904
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
3
reference_url https://github.com/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg82-2hrv-hf64
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-37709, GHSA-xg82-2hrv-hf64
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry56-8zuz-3bda
33
url VCID-ssbq-f1d6-m7bh
vulnerability_id VCID-ssbq-f1d6-m7bh
summary Snipe-IT vulnerable to Improper Authentication
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3173
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40384
published_at 2026-06-12T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40216
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3173
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2
3
reference_url https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3173
reference_id CVE-2022-3173
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3173
5
reference_url https://github.com/advisories/GHSA-fhvv-p968-6vvj
reference_id GHSA-fhvv-p968-6vvj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhvv-p968-6vvj
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.0.10
purl pkg:composer/snipe/snipe-it@6.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-7kdb-yy6k-ebd1
9
vulnerability VCID-8yxm-uj2h-rufj
10
vulnerability VCID-925h-gz4a-xqf2
11
vulnerability VCID-b1qv-6g2z-x7b2
12
vulnerability VCID-ejxc-gtuk-fyfx
13
vulnerability VCID-hmss-qvuy-rfcx
14
vulnerability VCID-mfeg-t1ta-a3ck
15
vulnerability VCID-ry56-8zuz-3bda
16
vulnerability VCID-uksu-hbtt-6qdk
17
vulnerability VCID-v3vx-zast-efeg
18
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.10
aliases CVE-2022-3173, GHSA-fhvv-p968-6vvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ssbq-f1d6-m7bh
34
url VCID-sw8p-bapa-sbc8
vulnerability_id VCID-sw8p-bapa-sbc8
summary snipe-it is vulnerable to Improper Access Control
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4089
reference_id
reference_type
scores
0
value 0.00223
scoring_system epss
scoring_elements 0.45242
published_at 2026-06-12T12:55:00Z
1
value 0.00223
scoring_system epss
scoring_elements 0.45092
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4089
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24
3
reference_url https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4089
reference_id CVE-2021-4089
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4089
5
reference_url https://github.com/advisories/GHSA-9vwf-54m9-gc4f
reference_id GHSA-9vwf-54m9-gc4f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vwf-54m9-gc4f
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.4
purl pkg:composer/snipe/snipe-it@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-6zw4-uug8-yfd9
8
vulnerability VCID-7d3x-8s7g-ykds
9
vulnerability VCID-7gkx-ws2v-hyd7
10
vulnerability VCID-7kdb-yy6k-ebd1
11
vulnerability VCID-8yxm-uj2h-rufj
12
vulnerability VCID-925h-gz4a-xqf2
13
vulnerability VCID-b1qv-6g2z-x7b2
14
vulnerability VCID-c3sg-db87-9ff8
15
vulnerability VCID-d9f2-h26a-dyam
16
vulnerability VCID-dvgd-81c2-e3ee
17
vulnerability VCID-ejxc-gtuk-fyfx
18
vulnerability VCID-f2cp-ca22-gba8
19
vulnerability VCID-hmss-qvuy-rfcx
20
vulnerability VCID-mfeg-t1ta-a3ck
21
vulnerability VCID-nddv-x2uq-vyeu
22
vulnerability VCID-pqxq-5v7x-rydd
23
vulnerability VCID-q6b1-jhef-8fap
24
vulnerability VCID-qq58-u49k-ybgk
25
vulnerability VCID-qy5r-zztu-qubx
26
vulnerability VCID-qyeh-yjgg-zfdf
27
vulnerability VCID-ry56-8zuz-3bda
28
vulnerability VCID-ssbq-f1d6-m7bh
29
vulnerability VCID-uksu-hbtt-6qdk
30
vulnerability VCID-urgt-uz5n-zyds
31
vulnerability VCID-v3vx-zast-efeg
32
vulnerability VCID-wcjg-sccj-zugf
33
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.4
aliases CVE-2021-4089, GHSA-9vwf-54m9-gc4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sw8p-bapa-sbc8
35
url VCID-sx4p-2hvz-eue4
vulnerability_id VCID-sx4p-2hvz-eue4
summary snipe-it is vulnerable to Cross-site Scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4018
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45495
published_at 2026-06-12T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45346
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4018
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/ff81e6d5366c2cfb15618793ad919ae4cbb3ac57
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/ff81e6d5366c2cfb15618793ad919ae4cbb3ac57
3
reference_url https://github.com/snipe/snipe-it/releases/tag/v5.3.3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v5.3.3
4
reference_url https://huntr.dev/bounties/c14395f6-bf0d-4b06-b4d1-b509d8a99b54
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c14395f6-bf0d-4b06-b4d1-b509d8a99b54
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4018
reference_id CVE-2021-4018
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4018
6
reference_url https://github.com/advisories/GHSA-5fh3-25xr-g85h
reference_id GHSA-5fh3-25xr-g85h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fh3-25xr-g85h
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.3
purl pkg:composer/snipe/snipe-it@5.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-2mpv-u96h-a7dm
4
vulnerability VCID-3amw-v6wf-8yg7
5
vulnerability VCID-3jws-ajsq-v7eq
6
vulnerability VCID-4n88-ybjw-bqdk
7
vulnerability VCID-6hks-9uk3-23at
8
vulnerability VCID-6zw4-uug8-yfd9
9
vulnerability VCID-7d3x-8s7g-ykds
10
vulnerability VCID-7gkx-ws2v-hyd7
11
vulnerability VCID-7kdb-yy6k-ebd1
12
vulnerability VCID-8yxm-uj2h-rufj
13
vulnerability VCID-925h-gz4a-xqf2
14
vulnerability VCID-b1qv-6g2z-x7b2
15
vulnerability VCID-c3sg-db87-9ff8
16
vulnerability VCID-d9f2-h26a-dyam
17
vulnerability VCID-dvgd-81c2-e3ee
18
vulnerability VCID-ejxc-gtuk-fyfx
19
vulnerability VCID-f2cp-ca22-gba8
20
vulnerability VCID-hmss-qvuy-rfcx
21
vulnerability VCID-mfeg-t1ta-a3ck
22
vulnerability VCID-nddv-x2uq-vyeu
23
vulnerability VCID-pqxq-5v7x-rydd
24
vulnerability VCID-q6b1-jhef-8fap
25
vulnerability VCID-qq58-u49k-ybgk
26
vulnerability VCID-qy5r-zztu-qubx
27
vulnerability VCID-qyeh-yjgg-zfdf
28
vulnerability VCID-ry56-8zuz-3bda
29
vulnerability VCID-ssbq-f1d6-m7bh
30
vulnerability VCID-sw8p-bapa-sbc8
31
vulnerability VCID-uksu-hbtt-6qdk
32
vulnerability VCID-urgt-uz5n-zyds
33
vulnerability VCID-v3vx-zast-efeg
34
vulnerability VCID-wcjg-sccj-zugf
35
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.3
aliases CVE-2021-4018, GHSA-5fh3-25xr-g85h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx4p-2hvz-eue4
36
url VCID-tqkr-xpgd-q7be
vulnerability_id VCID-tqkr-xpgd-q7be
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3858
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35912
published_at 2026-06-11T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.36092
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3858
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/84c73aae5dcafa9529ceeeda6e8cdda5a42129c3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/84c73aae5dcafa9529ceeeda6e8cdda5a42129c3
3
reference_url https://github.com/snipe/snipe-it/releases/tag/v5.3.0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v5.3.0
4
reference_url https://huntr.dev/bounties/a2fac2eb-100d-45b1-9ac7-71847c2f2b6b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/a2fac2eb-100d-45b1-9ac7-71847c2f2b6b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3858
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3858
6
reference_url https://github.com/advisories/GHSA-g92x-8m54-p89v
reference_id GHSA-g92x-8m54-p89v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g92x-8m54-p89v
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.0
purl pkg:composer/snipe/snipe-it@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-2mpv-u96h-a7dm
4
vulnerability VCID-3amw-v6wf-8yg7
5
vulnerability VCID-3jws-ajsq-v7eq
6
vulnerability VCID-4n88-ybjw-bqdk
7
vulnerability VCID-6hks-9uk3-23at
8
vulnerability VCID-6zw4-uug8-yfd9
9
vulnerability VCID-7d3x-8s7g-ykds
10
vulnerability VCID-7gkx-ws2v-hyd7
11
vulnerability VCID-7kdb-yy6k-ebd1
12
vulnerability VCID-8yxm-uj2h-rufj
13
vulnerability VCID-925h-gz4a-xqf2
14
vulnerability VCID-b1qv-6g2z-x7b2
15
vulnerability VCID-c3sg-db87-9ff8
16
vulnerability VCID-d9f2-h26a-dyam
17
vulnerability VCID-dvgd-81c2-e3ee
18
vulnerability VCID-ejxc-gtuk-fyfx
19
vulnerability VCID-f2cp-ca22-gba8
20
vulnerability VCID-fa65-f6am-efgj
21
vulnerability VCID-hmss-qvuy-rfcx
22
vulnerability VCID-m4sh-qung-vfbq
23
vulnerability VCID-mfeg-t1ta-a3ck
24
vulnerability VCID-nddv-x2uq-vyeu
25
vulnerability VCID-pqxq-5v7x-rydd
26
vulnerability VCID-q6b1-jhef-8fap
27
vulnerability VCID-qq58-u49k-ybgk
28
vulnerability VCID-qy5r-zztu-qubx
29
vulnerability VCID-qyeh-yjgg-zfdf
30
vulnerability VCID-ry56-8zuz-3bda
31
vulnerability VCID-ssbq-f1d6-m7bh
32
vulnerability VCID-sw8p-bapa-sbc8
33
vulnerability VCID-sx4p-2hvz-eue4
34
vulnerability VCID-uksu-hbtt-6qdk
35
vulnerability VCID-urgt-uz5n-zyds
36
vulnerability VCID-v3vx-zast-efeg
37
vulnerability VCID-w4pf-389e-gudt
38
vulnerability VCID-wcjg-sccj-zugf
39
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.0
aliases CVE-2021-3858, GHSA-g92x-8m54-p89v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqkr-xpgd-q7be
37
url VCID-uksu-hbtt-6qdk
vulnerability_id VCID-uksu-hbtt-6qdk
summary Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36802
published_at 2026-06-12T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36623
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/pull/14745
reference_id 14745
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/pull/14745
3
reference_url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
reference_id 34f1ea1c0ecd403047cd1327569ee391a7201cc1
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
4
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
reference_id CVE-2024-5685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
reference_id CVE-2024-5685
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
reference_id CVE-2024-5685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
7
reference_url https://github.com/advisories/GHSA-544r-fc65-v832
reference_id GHSA-544r-fc65-v832
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-544r-fc65-v832
8
reference_url https://advisory.checkmarx.net/?search=CVE-2024-5685
reference_id ?search=CVE-2024-5685
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://advisory.checkmarx.net/?search=CVE-2024-5685
9
reference_url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
reference_id v6.4.2
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.4.2
purl pkg:composer/snipe/snipe-it@6.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-7d3x-8s7g-ykds
7
vulnerability VCID-7gkx-ws2v-hyd7
8
vulnerability VCID-8yxm-uj2h-rufj
9
vulnerability VCID-b1qv-6g2z-x7b2
10
vulnerability VCID-ejxc-gtuk-fyfx
11
vulnerability VCID-ry56-8zuz-3bda
12
vulnerability VCID-v3vx-zast-efeg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.4.2
aliases CVE-2024-5685, GHSA-544r-fc65-v832
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uksu-hbtt-6qdk
38
url VCID-urgt-uz5n-zyds
vulnerability_id VCID-urgt-uz5n-zyds
summary Old sessions not blocked by login enable function in Snipe-IT
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1155
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49108
published_at 2026-06-12T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48971
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1155
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d
3
reference_url https://github.com/snipe/snipe-it/pull/10876
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/pull/10876
4
reference_url https://github.com/snipe/snipe-it/releases/tag/v5.4.2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v5.4.2
5
reference_url https://github.com/snipe/snipe-it/releases/tag/v6.0.0-RC-6
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/releases/tag/v6.0.0-RC-6
6
reference_url https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1155
reference_id CVE-2022-1155
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1155
8
reference_url https://github.com/advisories/GHSA-636j-7x7r-gvw2
reference_id GHSA-636j-7x7r-gvw2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-636j-7x7r-gvw2
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.10
purl pkg:composer/snipe/snipe-it@5.3.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-nddv-x2uq-vyeu
19
vulnerability VCID-qq58-u49k-ybgk
20
vulnerability VCID-qyeh-yjgg-zfdf
21
vulnerability VCID-ry56-8zuz-3bda
22
vulnerability VCID-ssbq-f1d6-m7bh
23
vulnerability VCID-uksu-hbtt-6qdk
24
vulnerability VCID-v3vx-zast-efeg
25
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.10
1
url pkg:composer/snipe/snipe-it@5.4.2
purl pkg:composer/snipe/snipe-it@5.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-c3sg-db87-9ff8
14
vulnerability VCID-ejxc-gtuk-fyfx
15
vulnerability VCID-f2cp-ca22-gba8
16
vulnerability VCID-hmss-qvuy-rfcx
17
vulnerability VCID-mfeg-t1ta-a3ck
18
vulnerability VCID-qq58-u49k-ybgk
19
vulnerability VCID-ry56-8zuz-3bda
20
vulnerability VCID-ssbq-f1d6-m7bh
21
vulnerability VCID-uksu-hbtt-6qdk
22
vulnerability VCID-v3vx-zast-efeg
23
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.4.2
2
url pkg:composer/snipe/snipe-it@6.0.0-RC-6
purl pkg:composer/snipe/snipe-it@6.0.0-RC-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-7d3x-8s7g-ykds
8
vulnerability VCID-7gkx-ws2v-hyd7
9
vulnerability VCID-7kdb-yy6k-ebd1
10
vulnerability VCID-8yxm-uj2h-rufj
11
vulnerability VCID-925h-gz4a-xqf2
12
vulnerability VCID-b1qv-6g2z-x7b2
13
vulnerability VCID-ejxc-gtuk-fyfx
14
vulnerability VCID-hmss-qvuy-rfcx
15
vulnerability VCID-mfeg-t1ta-a3ck
16
vulnerability VCID-ry56-8zuz-3bda
17
vulnerability VCID-ssbq-f1d6-m7bh
18
vulnerability VCID-uksu-hbtt-6qdk
19
vulnerability VCID-v3vx-zast-efeg
20
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.0.0-RC-6
aliases CVE-2022-1155, GHSA-636j-7x7r-gvw2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urgt-uz5n-zyds
39
url VCID-v3vx-zast-efeg
vulnerability_id VCID-v3vx-zast-efeg
summary Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02593
published_at 2026-06-12T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02591
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
2
reference_url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_id ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
3
reference_url https://github.com/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq28-crg7-95pr
4
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44832, GHSA-hq28-crg7-95pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3vx-zast-efeg
40
url VCID-w4pf-389e-gudt
vulnerability_id VCID-w4pf-389e-gudt
summary snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3931
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31934
published_at 2026-06-12T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.31746
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3931
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/0d811d067c8e064252c0143c39d6cd4c3133679e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/0d811d067c8e064252c0143c39d6cd4c3133679e
3
reference_url https://huntr.dev/bounties/03b21d69-3bf5-4b2f-a2cf-872dd677a68f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/03b21d69-3bf5-4b2f-a2cf-872dd677a68f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3931
reference_id CVE-2021-3931
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3931
5
reference_url https://github.com/advisories/GHSA-533p-cp2g-99wp
reference_id GHSA-533p-cp2g-99wp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-533p-cp2g-99wp
fixed_packages
aliases CVE-2021-3931, GHSA-533p-cp2g-99wp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pf-389e-gudt
41
url VCID-wcjg-sccj-zugf
vulnerability_id VCID-wcjg-sccj-zugf
summary snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4130
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36593
published_at 2026-06-12T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36413
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4130
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
3
reference_url https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4130
reference_id CVE-2021-4130
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4130
5
reference_url https://github.com/advisories/GHSA-4w23-c97g-fq5v
reference_id GHSA-4w23-c97g-fq5v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w23-c97g-fq5v
fixed_packages
0
url pkg:composer/snipe/snipe-it@5.3.6
purl pkg:composer/snipe/snipe-it@5.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-182g-yzu7-57ch
1
vulnerability VCID-1aq3-9h3n-myct
2
vulnerability VCID-1thr-9zfa-1yhp
3
vulnerability VCID-3amw-v6wf-8yg7
4
vulnerability VCID-3jws-ajsq-v7eq
5
vulnerability VCID-4n88-ybjw-bqdk
6
vulnerability VCID-6hks-9uk3-23at
7
vulnerability VCID-6zw4-uug8-yfd9
8
vulnerability VCID-7d3x-8s7g-ykds
9
vulnerability VCID-7gkx-ws2v-hyd7
10
vulnerability VCID-7kdb-yy6k-ebd1
11
vulnerability VCID-8yxm-uj2h-rufj
12
vulnerability VCID-925h-gz4a-xqf2
13
vulnerability VCID-b1qv-6g2z-x7b2
14
vulnerability VCID-c3sg-db87-9ff8
15
vulnerability VCID-d9f2-h26a-dyam
16
vulnerability VCID-dvgd-81c2-e3ee
17
vulnerability VCID-ejxc-gtuk-fyfx
18
vulnerability VCID-f2cp-ca22-gba8
19
vulnerability VCID-hmss-qvuy-rfcx
20
vulnerability VCID-mfeg-t1ta-a3ck
21
vulnerability VCID-nddv-x2uq-vyeu
22
vulnerability VCID-pqxq-5v7x-rydd
23
vulnerability VCID-qq58-u49k-ybgk
24
vulnerability VCID-qy5r-zztu-qubx
25
vulnerability VCID-qyeh-yjgg-zfdf
26
vulnerability VCID-ry56-8zuz-3bda
27
vulnerability VCID-ssbq-f1d6-m7bh
28
vulnerability VCID-uksu-hbtt-6qdk
29
vulnerability VCID-urgt-uz5n-zyds
30
vulnerability VCID-v3vx-zast-efeg
31
vulnerability VCID-yap2-7ggv-jkaw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.3.6
aliases CVE-2021-4130, GHSA-4w23-c97g-fq5v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcjg-sccj-zugf
42
url VCID-yap2-7ggv-jkaw
vulnerability_id VCID-yap2-7ggv-jkaw
summary Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44381
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47743
published_at 2026-06-12T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.47603
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44381
1
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it
2
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44381
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44381
4
reference_url https://github.com/advisories/GHSA-qqv9-gqh5-7h99
reference_id GHSA-qqv9-gqh5-7h99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qqv9-gqh5-7h99
5
reference_url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
reference_id multiple-vulnerabilities-in-snipe-it
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:20:46Z/
url https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
fixed_packages
aliases CVE-2022-44381, GHSA-qqv9-gqh5-7h99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yap2-7ggv-jkaw
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@5.0.1