inventree — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting inventree. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by inventree: InvenTree, inventree/inventree

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39362 | InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs | InvenTree | CWE-918 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-35479 | InvenTree Plugin Installation - Insufficient Permissions | InvenTree | CWE-285 | 6.6 | Medium | 2026-04-08 |
| CVE-2026-35476 | InvenTree Affected by Privilege Escalation via API | InvenTree | CWE-285 | 7.2 | High | 2026-04-08 |
| CVE-2026-35478 | InvenTree has Arbitrary API Token Creation | InvenTree | CWE-639 | 8.3 | High | 2026-04-08 |
| CVE-2026-35477 | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape | InvenTree | CWE-1336 | 5.5 | Medium | 2026-04-08 |
| CVE-2026-33531 | InvenTree has Path Traversal In Report Templates | InvenTree | CWE-89 | 4.9 | - | 2026-03-26 |
| CVE-2026-33530 | InvenTree Vulnerable to ORM Filter Injection | InvenTree | CWE-202 | 7.7 | High | 2026-03-26 |
| CVE-2026-27629 | InvenTree Vulnerable to Server Side Template Injection (SSTI) | InvenTree | CWE-1336 | 5.9 | Medium | 2026-02-25 |
| CVE-2025-49000 | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin | InvenTree | CWE-400 | 3.5 | Low | 2025-06-03 |
| CVE-2024-47610 | Stored Cross-site Scripting Vulnerability in Markdown Editor | InvenTree | CWE-79 | 7.3 | High | 2024-10-07 |
| CVE-2022-3355 | Cross-site Scripting (XSS) - Stored in inventree/inventree | inventree/inventree | CWE-79 | 5.4 | - | 2022-09-29 |
| CVE-2022-2134 | Allocation of Resources Without Limits or Throttling in inventree/inventree | inventree/inventree | CWE-770 | 7.5 | - | 2022-06-20 |
| CVE-2022-2113 | Cross-site Scripting (XSS) - Stored in inventree/inventree | inventree/inventree | CWE-79 | 5.4 | - | 2022-06-17 |
| CVE-2022-2112 | Improper Neutralization of Formula Elements in a CSV File in inventree/inventree | inventree/inventree | CWE-1236 | 8.8 | - | 2022-06-17 |
| CVE-2022-2111 | Unrestricted Upload of File with Dangerous Type in inventree/inventree | inventree/inventree | CWE-434 | 8.8 | - | 2022-06-17 |

This page lists every published CVE security advisory associated with inventree. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.