pkg:Packagist/snipe/snipe-it

46 total CVEs: CRITICAL 1, HIGH 11, MEDIUM 30, LOW 1

All known vulnerabilities

  • CRITICAL 9.8, CVE-2026-37709: Snipe-IT has insecure permissions in file uploads
    from 0, < 8.4.1
  • HIGH 8.8, CVE-2025-15602: Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
    from 0, < 8.3.7
  • HIGH 8.8, CVE-2023-5511: Cross-Site Request Forgery (CSRF) in snipe/snipe-it
    from 0, < 6.2.3
  • HIGH 8.8, CVE-2022-23064: snipe-IT vulnerable to host header injection
    >= 3.0-alpha, < 5.4.0
  • HIGH 8.8, CVE-2022-0611: Improper Privilege Management in Snipe-IT
    from 0, < 5.3.11
  • HIGH 8.8, CVE-2021-4130: snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
    from 0, < 5.3.6
  • HIGH 8.7, CVE-2024-51093: Cross Site Scripting vulnerability in Snipe-IT
    from 0, <= 7.0.13
  • HIGH 8.1, CVE-2024-5685: Snipe-IT allows users to promote or demote themselves or other users
    from 0, < 6.4.2
  • HIGH 8.0, CVE-2021-3961: Cross-site Scripting in snipe/snipe-it
    from 0, < 5.3.2
  • HIGH 7.4, CVE-2022-1155: Old sessions not blocked by login enable function in Snipe-IT
    >= 6.0.0-RC-1, < 6.0.0-RC-6
  • HIGH 7.2, CVE-2024-48987: Snipe-IT remote code execution
    from 0, < 7.0.10
  • HIGH 7.2, CVE-2021-4075: Server-Side Request Forgery in snipe/snipe-it
    from 0, < 6.0.0-GM
  • MEDIUM 6.8, CVE-2025-59713: Snipe-IT allows unsafe deserialization
    from 0, < 8.1.18
  • MEDIUM 6.8, CVE-2021-3879: Cross-site Scripting in snipe-it
    from 0, < 5.3.0
  • MEDIUM 6.5, CVE-2022-1511: Improper Access Control in snipe/snipe-it
    from 0, < 5.4.4
  • MEDIUM 6.5, CVE-2022-0579: Improper Privilege Management in Snipe-IT
    from 0, < 5.3.9
  • MEDIUM 6.4, CVE-2025-59712: Snipe-IT allows XSS
    from 0, < 8.1.18
  • MEDIUM 6.4, CVE-2021-4108: snipe-it is vulnerable to Cross-site Scripting
    from 0, < 5.3.5
  • MEDIUM 6.1, CVE-2019-10118: Snipe-IT XSS Vulnerability
    from 0, < 4.6.14
  • MEDIUM 5.9, CVE-2026-44833: Snipe-IT has an open redirect vulnerability
    from 0, < 8.4.1
  • MEDIUM 5.5, CVE-2021-3863: Cross-site Scripting in snipe-it
    from 0, < 5.3.0
  • MEDIUM 5.4, CVE-2025-65621: Snipe-IT is vulnerable to stored cross-site scripting
    from 0, < 8.3.4
  • MEDIUM 5.4, CVE-2023-5452: Cross-site Scripting in snipe/snipe-it
    from 0, < 6.2.2
  • MEDIUM 5.4, CVE-2022-44380: Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
    from 0, < 6.0.14
  • MEDIUM 5.4, CVE-2022-1445: Stored cross-site scripting in Snipe-IT
    from 0, < 5.4.3
  • MEDIUM 5.4, CVE-2022-1380: Cross-site Scripting in snipe-it
    from 0, < 5.4.3
  • MEDIUM 5.4, CVE-2022-0178: Improper Access Control in snipe-it
    from 0, < 5.3.8
  • MEDIUM 5.4, CVE-2022-0179: Incorrect Default Permissions and Improper Access Control in snipe-it
    from 0, < 5.3.7
  • MEDIUM 5.4, CVE-2021-4018: snipe-it is vulnerable to Cross-site Scripting
    from 0, < 5.3.3
  • MEDIUM 5.3, CVE-2022-44381: Snipe-IT allows attackers to check whether a user account exists
    from 0, <= 6.0.14
  • MEDIUM 5.3, CVE-2022-0622: Generation of Error Message Containing Sensitive Information in Snipe-IT
    from 0, < 5.3.11
  • MEDIUM 5.0, CVE-2025-47226: Grokability Snipe-IT has incorrect authorization for accessing asset information
    from 0, < 8.1.0
  • MEDIUM 4.8, CVE-2026-44831: Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
    from 0, < 8.4.1
  • MEDIUM 4.8, CVE-2022-3035: snipe-it vulnerable to cross-site scripting (XSS)
    from 0, < 6.0.11
  • MEDIUM 4.8, CVE-2022-32061: Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
    from 0, <= 6.0.2
  • MEDIUM 4.8, CVE-2022-32060: Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
    from 0, <= 6.0.2
  • MEDIUM 4.6, CVE-2022-2997: Insufficient Session Expiration in snipe/snipe-it
    from 0, < 6.0.10
  • MEDIUM 4.3, CVE-2022-3173: Snipe-IT vulnerable to Improper Authentication
    from 0, < 6.0.10
  • MEDIUM 4.3, CVE-2022-0569: Exposure of Sensitive Information in snipe/snipe-it
    from 0, < 5.3.10
  • MEDIUM 4.3, CVE-2021-4089: snipe-it is vulnerable to Improper Access Control
    from 0, < 5.3.4
  • MEDIUM 4.3, CVE-2021-3931: snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
    from 0, <= 5.3.1
  • MEDIUM 4.3, CVE-2021-3858: Cross-Site Request Forgery in snipe-it
    from 0, < 5.3.0
  • LOW 3.9, CVE-2021-3938: snipe-it is vulnerable to Cross-site Scripting
    from 0, < 5.4.0
  • CVE-2026-44832: Snipe-IT has Privilege Escalation via API Permissions Assignment
    from 0, < 8.4.1
  • CVE-2025-65622: Snipe-IT allows stored XSS via the Locations "Country" field
    from 0, < 8.3.4
  • CVE-2025-64027: Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
    from 0, <= 8.3.4