Homepage
About Snyk

snipe/snipe-it vulnerabilities

  • licenses detected

    • AGPL-3.0
      >=v0.1.0, <v3.0-alpha; >=v3.0
    • MIT
      >=v3.0-alpha, <v3.0
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the snipe/snipe-it package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Request Forgery (CSRF)

<6.2.3
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

<6.2.2
  • M
Cross-site Scripting (XSS)

<6.0.14
  • M
Improper Access Control

<6.0.14
  • M
Access Restriction Bypass

<6.0.11
  • L
Cross-site Scripting (XSS)

<6.0.11
  • M
Session Fixation

<6.0.10
  • M
Arbitrary File Upload

<6.3.2
  • M
Arbitrary File Upload

>=0.0.0
  • M
Information Exposure

>=0.3.0-alpha, <5.3.8
  • M
Access Restriction Bypass

<5.4.4
  • C
Cross-site Scripting (XSS)

<5.4.4
  • H
Cross-site Scripting (XSS)

<5.4.3
  • H
Business Logic Errors

<5.4.2
  • M
Information Exposure

<5.4.0
  • M
Improper Privilege Management

<5.4.0
  • M
Access Restriction Bypass

<5.3.10
  • M
Information Exposure

<5.3.10
  • M
Improper Access Control

<6.0.0-RC-1
  • M
Improper Access Control

<5.3.7
  • M
Cross-site Request Forgery (CSRF)

>=0.0.0, <v5.3.6
  • M
Cross-site Scripting (XSS)

<5.3.5
  • M
Access Restriction Bypass

>=0.0.0, <v5.3.4
  • L
Server-side Request Forgery (SSRF)

<6.0.0-RC-1
  • M
Cross-site Scripting (XSS)

<5.3.3
  • M
Cross-site Scripting (XSS)

<5.3.2
  • L
Cross-site Scripting (XSS)

>=0.0.0, <v5.3.2
  • M
Cross-site Request Forgery (CSRF)

>=0.0.0, <v5.3.2
  • M
Cross-site Request Forgery (CSRF)

<5.3.0
  • M
Cross-site Scripting (XSS)

<5.3.0
  • M
Cross-site Scripting (XSS)

<5.3.0
  • M
Cross-site Scripting (XSS)

<4.6.14