PT-2026-21846
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 1.2.3. Description: InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom...
EUVD-2022-6042
Malicious code in bioql PyPI...
EUVD-2022-34399
Malicious code in bioql PyPI...
EUVD-2024-42543
Malicious code in bioql PyPI...
EUVD-2025-16786
Malicious code in bioql PyPI...
EUVD-2022-6715
Malicious code in bioql PyPI...
CVE-2025-49000
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000
InvenTree (before v0.17.13) has an unbounded skip field in the built-in label-sheet plugin. An authenticated label-printing user can trigger a denial-of-service via memory exhaustion by supplying a large value, as described in CVE-2025-49000. The issue is fixed in v0.17.13 and higher. No workarou...
PT-2025-23674
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.17.13. Description: The issue affects the built-in label-sheet plugin, where the skip field lacks an upper bound. This allows any authenticated label-printing user to trigger a denial-of-service via memory exhaustio...
InvenTree security vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...
CVE-2022-3355
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3...
CVE-2022-2113
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2112
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2134
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0...
CVE-2024-47610
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store JavaScript in markdown notes fields, which is then displayed to other logged-in users who visit the same page and executed. The vulnerability has been addresse...