Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/snipe/snipe-it@8.1.18
Typecomposer
Namespacesnipe
Namesnipe-it
Version8.1.18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.4.1
Latest_non_vulnerable_version8.4.1
Affected_by_vulnerabilities
0
url VCID-1d8d-19xp-9qdz
vulnerability_id VCID-1d8d-19xp-9qdz
summary 
Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08637
published_at 2026-06-07T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08627
published_at 2026-06-09T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.0859
published_at 2026-06-08T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0864
published_at 2026-06-05T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08657
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
3
reference_url https://snipeitapp.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipeitapp.com
4
reference_url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
reference_id CVE-2025-15602
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
6
reference_url https://github.com/advisories/GHSA-5448-v74m-7mv7
reference_id GHSA-5448-v74m-7mv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5448-v74m-7mv7
7
reference_url https://snipeitapp.com/
reference_id snipeitapp.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://snipeitapp.com/
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.7
purl pkg:composer/snipe/snipe-it@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6qb4-an9b-aufh
1
vulnerability VCID-6wam-dqsj-e3dv
2
vulnerability VCID-hy2w-kubr-x7as
3
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.7
aliases CVE-2025-15602, GHSA-5448-v74m-7mv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1d8d-19xp-9qdz
1
url VCID-6qb4-an9b-aufh
vulnerability_id VCID-6qb4-an9b-aufh
summary 
Snipe-IT has an open redirect vulnerability
Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable.

### Impact

-   **Phishing**: Redirect users to fake login pages to steal credentials
-   **Session Hijacking**: Redirect to attacker site that captures session cookies via JavaScript
-   **Malware Distribution**: Redirect to sites hosting malware or drive-by downloads
-   **Reputation Damage**: Users lose trust when redirected to malicious sites from legitimate application
-   **Social Engineering**: Use trusted Snipe-IT domain to increase phishing success rate

When the user clicks "Save", the application: 
1. Processes the form 
2. Checks `redirect_option` (if set to 'back') 
3. Calls `Helper::getRedirectOption()` 
4. Retrieves `back_url` from session: `https://evil.com/phishing?target=snipeit` 
5. Executes `redirect()->to($backUrl)` 
6. User is redirected to attacker's site

This would still require session poisoning, so the actual practical threat here is minimal. 

### Patches
Patched in https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373, released in 8.4.1.

### Workarounds
 None.

### Resources
-   CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
-   OWASP: Unvalidated Redirects and Forwards
-   Laravel Security: Safe Redirects

[snipeit_open_redirect_submission.md](https://github.com/user-attachments/files/27414869/snipeit_open_redirect_submission.md)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0209
published_at 2026-06-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02114
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02121
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02109
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02097
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
reference_id CVE-2026-44833
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
4
reference_url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
reference_id e37649212861a337e68a624e589c3540b7a82373
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
5
reference_url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44833, GHSA-mghp-5cq4-v6mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qb4-an9b-aufh
2
url VCID-6wam-dqsj-e3dv
vulnerability_id VCID-6wam-dqsj-e3dv
summary 
Snipe-IT has Privilege Escalation via API Permissions Assignment
### Impact
An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users.

### Patches
Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.0257
published_at 2026-06-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02665
published_at 2026-06-05T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02673
published_at 2026-06-06T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02619
published_at 2026-06-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02603
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
reference_id CVE-2026-44832
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
5
reference_url https://github.com/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq28-crg7-95pr
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44832, GHSA-hq28-crg7-95pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wam-dqsj-e3dv
3
url VCID-bkce-dwzp-yqda
vulnerability_id VCID-bkce-dwzp-yqda
summary 
Snipe-IT allows stored XSS via the Locations "Country" field
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.0769
published_at 2026-06-07T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07658
published_at 2026-06-09T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07644
published_at 2026-06-08T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07703
published_at 2026-06-05T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07715
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
4
reference_url http://snipeitapp.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url http://snipeitapp.com
5
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
7
reference_url https://github.com/advisories/GHSA-4g25-wj72-chxg
reference_id GHSA-4g25-wj72-chxg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g25-wj72-chxg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-c5ff-jcx2-8qef
4
vulnerability VCID-hy2w-kubr-x7as
5
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65622, GHSA-4g25-wj72-chxg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkce-dwzp-yqda
4
url VCID-bpnp-1u65-zuc5
vulnerability_id VCID-bpnp-1u65-zuc5
summary 
Snipe-IT is vulnerable to stored cross-site scripting
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06925
published_at 2026-06-09T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06917
published_at 2026-06-08T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06955
published_at 2026-06-07T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06968
published_at 2026-06-06T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06963
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
3
reference_url http://snipeitapp.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url http://snipeitapp.com
4
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
6
reference_url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
reference_id GHSA-fww5-m9wc-jcjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-c5ff-jcx2-8qef
4
vulnerability VCID-hy2w-kubr-x7as
5
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65621, GHSA-fww5-m9wc-jcjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpnp-1u65-zuc5
5
url VCID-c5ff-jcx2-8qef
vulnerability_id VCID-c5ff-jcx2-8qef
summary 
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0213
published_at 2026-06-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-06-09T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02117
published_at 2026-06-08T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02134
published_at 2026-06-05T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02141
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/cybercrewinc/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cybercrewinc/CVE-2025-64027
3
reference_url https://github.com/cybercrewinc/CVE-2025-64027/
reference_id CVE-2025-64027
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/cybercrewinc/CVE-2025-64027/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
5
reference_url https://github.com/advisories/GHSA-8x9v-8qgj-945x
reference_id GHSA-8x9v-8qgj-945x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x9v-8qgj-945x
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.5
purl pkg:composer/snipe/snipe-it@8.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-hy2w-kubr-x7as
4
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.5
aliases CVE-2025-64027, GHSA-8x9v-8qgj-945x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5ff-jcx2-8qef
6
url VCID-hy2w-kubr-x7as
vulnerability_id VCID-hy2w-kubr-x7as
summary 
Snipe-IT has insecure permissions in file uploads
Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the `app/Http/Controllers/Api/UploadedFilesController.php` component

### Impact
Users who can view assets, consumables, etc were able to send a POST request to `/api/v1/{object_type}/{id}/files`. The API authorized with "view" instead of write permission and persists the file and audit log entry.

### Patches
Fixed after 2026-03-10 commit 676a9958, fix released to 8.4.1.

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51812
published_at 2026-06-05T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51801
published_at 2026-06-07T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51822
published_at 2026-06-06T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.54176
published_at 2026-06-08T12:55:00Z
4
value 0.00306
scoring_system epss
scoring_elements 0.54198
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
5
reference_url https://github.com/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg82-2hrv-hf64
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-37709, GHSA-xg82-2hrv-hf64
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy2w-kubr-x7as
7
url VCID-xk24-e9d1-4bd8
vulnerability_id VCID-xk24-e9d1-4bd8
summary 
Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
### Impact
Users with component view access could be impacted by an unescaped `notes` column. 

### Patches
This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. 

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01987
published_at 2026-06-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.0201
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02017
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02006
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.01993
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
reference_id CVE-2026-44831
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
5
reference_url https://github.com/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r42m-953q-6vjx
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44831, GHSA-r42m-953q-6vjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk24-e9d1-4bd8
Fixing_vulnerabilities
0
url VCID-6xuf-y113-3qh1
vulnerability_id VCID-6xuf-y113-3qh1
summary 
Snipe-IT allows XSS
Snipe-IT before 8.1.18 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01584
published_at 2026-06-05T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0158
published_at 2026-06-09T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01583
published_at 2026-06-08T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0159
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-19T13:49:48Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
reference_id CVE-2025-59712
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
4
reference_url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
reference_id GHSA-c9wp-pr7f-hfqm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-bkce-dwzp-yqda
4
vulnerability VCID-bpnp-1u65-zuc5
5
vulnerability VCID-c5ff-jcx2-8qef
6
vulnerability VCID-hy2w-kubr-x7as
7
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59712, GHSA-c9wp-pr7f-hfqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xuf-y113-3qh1
1
url VCID-9uf7-64th-4kb9
vulnerability_id VCID-9uf7-64th-4kb9
summary 
Snipe-IT allows unsafe deserialization
Snipe-IT before 8.1.18 allows unsafe deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12022
published_at 2026-06-06T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11919
published_at 2026-06-09T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11909
published_at 2026-06-08T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12026
published_at 2026-06-05T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11983
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T13:49:18Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
reference_id CVE-2025-59713
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
4
reference_url https://github.com/advisories/GHSA-phwj-fgch-xvrj
reference_id GHSA-phwj-fgch-xvrj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwj-fgch-xvrj
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-bkce-dwzp-yqda
4
vulnerability VCID-bpnp-1u65-zuc5
5
vulnerability VCID-c5ff-jcx2-8qef
6
vulnerability VCID-hy2w-kubr-x7as
7
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59713, GHSA-phwj-fgch-xvrj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uf7-64th-4kb9
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18