pkg:Packagist/snipe/snipe-it

All known vulnerabilities

• CRITICAL9.8CVE-2026-37709Snipe-IT has insecure permissions in file uploads
  from 0, < 8.4.1
• HIGH8.8CVE-2026-44832Snipe-IT has Privilege Escalation via API Permissions Assignment
  from 0, < 8.4.1
• HIGH8.8Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
  from 0, < 8.3.7
• HIGH8.8Cross-Site Request Forgery (CSRF) in snipe/snipe-it
  from 0, < 6.2.3
• HIGH8.8snipe-IT vulnerable to host header injection
  >= 3.0-alpha, < 5.4.0
• HIGH8.8Improper Privilege Management in Snipe-IT
  from 0, < 5.3.11
• HIGH8.8snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, < 5.3.6
• HIGH8.7Cross Site Scripting vulnerability in Snipe-IT
  from 0, <= 7.0.13
• HIGH8.1Snipe-IT allows users to promote or demote themselves or other users
  from 0, < 6.4.2
• HIGH8.0Cross-site Scripting in snipe/snipe-it
  from 0, < 5.3.2
• HIGH7.4Old sessions not blocked by login enable function in Snipe-IT
  >= 6.0.0-RC-1, < 6.0.0-RC-6
• HIGH7.2Snipe-IT remote code execution
  from 0, < 7.0.10
• HIGH7.2Server-Side Request Forgery in snipe/snipe-it
  from 0, < 6.0.0-GM
• MEDIUM6.8Snipe-IT allows unsafe deserialization
  from 0, < 8.1.18
• MEDIUM6.8Cross-site Scripting in snipe-it
  from 0, < 5.3.0
• MEDIUM6.5Improper Access Control in snipe/snipe-it
  from 0, < 5.4.4
• MEDIUM6.5Improper Privilege Management in Snipe-IT
  from 0, < 5.3.9
• MEDIUM6.4Snipe-IT allows XSS
  from 0, < 8.1.18
• MEDIUM6.4snipe-it is vulnerable to Cross-site Scripting
  from 0, < 5.3.5
• MEDIUM6.1Snipe-IT XSS Vulnerability
  from 0, < 4.6.14
• MEDIUM5.9Snipe-IT has an open redirect vulnerability
  from 0, < 8.4.1
• MEDIUM5.5Cross-site Scripting in snipe-it
  from 0, < 5.3.0
• MEDIUM5.4Snipe-IT is vulnerable to stored cross-site scripting
  from 0, < 8.3.4
• MEDIUM5.4Cross-site Scripting in snipe/snipe-it
  from 0, < 6.2.2
• MEDIUM5.4Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
  from 0, < 6.0.14
• MEDIUM5.4Stored cross-site scripting in Snipe-IT
  from 0, < 5.4.3
• MEDIUM5.4Cross-site Scripting in snipe-it
  from 0, < 5.4.3
• MEDIUM5.4Improper Access Control in snipe-it
  from 0, < 5.3.8
• MEDIUM5.4Incorrect Default Permissions and Improper Access Control in snipe-it
  from 0, < 5.3.7
• MEDIUM5.4snipe-it is vulnerable to Cross-site Scripting
  from 0, < 5.3.3
• MEDIUM5.3Snipe-IT allows attackers to check whether a user account exists
  from 0, <= 6.0.14
• MEDIUM5.3Generation of Error Message Containing Sensitive Information in Snipe-IT
  from 0, < 5.3.11
• MEDIUM5.0Grokability Snipe-IT has incorrect authorization for accessing asset information
  from 0, < 8.1.0
• MEDIUM4.8Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
  from 0, < 8.4.1
• MEDIUM4.8snipe-it vulnerable to cross-site scripting (XSS)
  from 0, < 6.0.11
• MEDIUM4.8Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
  from 0, <= 6.0.2
• MEDIUM4.8Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
  from 0, <= 6.0.2
• MEDIUM4.6Insufficient Session Expiration in snipe/snipe-it
  from 0, < 6.0.10
• MEDIUM4.3Snipe-IT vulnerable to Improper Authentication
  from 0, < 6.0.10
• MEDIUM4.3Exposure of Sensitive Information in snipe/snipe-it
  from 0, < 5.3.10
• MEDIUM4.3snipe-it is vulnerable to Improper Access Control
  from 0, < 5.3.4
• MEDIUM4.3snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
  from 0, <= 5.3.1
• MEDIUM4.3Cross-Site Request Forgery in snipe-it
  from 0, < 5.3.0
• LOW3.9snipe-it is vulnerable to Cross-site Scripting
  from 0, < 5.4.0
• —Snipe-IT allows stored XSS via the Locations "Country" field
  from 0, < 8.3.4
• —Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
  from 0, <= 8.3.4