EUVD-2026-33829

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

PT-2026-45660

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

CVE-2022-31007

eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The...

PT-2025-44056

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.3.0 Description eLabFTW, an electronic lab notebook, allowed the serving of uploaded SVG files inline. Due to SVG’s support for active content, a malicious SVG file could be uploaded and executed when viewed, leadin...

EUVD-2021-19497

Malware in sbrugna...

EUVD-2024-41463

Malicious code in bioql PyPI...

EUVD-2023-28276

Malicious code in bioql PyPI...

EUVD-2024-25264

Malicious code in bioql PyPI...

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

CVE-2025-25206 Incorrect input validation could allow an authenticated user to read sensitive information

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if...

CVE-2024-25633

CVE-2024-25633 affects eLabFTW, where versions 4.4.0 up to (and not including) 5.0.0 allow regular users to create new, validated accounts within their team. If anonymous access is enabled, unauthenticated users can create accounts in any team. The issue was fixed starting with version 5.0.0 (Feb...

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

Arbitrary file deletion

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

Agilebio Lab Collector 4.234 Remote Code Execution

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

AgileBio Electronic Lab Notebook 安全漏洞

AgileBio Electronic Lab Notebook is an editor from AgileBio Electronic. A security vulnerability exists in AgileBio Electronic Lab Notebook version v4.234 that stems from the presence of a local file inclusion vulnerability...

CVE-2022-31178

CVE-2022-31178 affects the eLabFTW electronic lab notebook. A vulnerability allows a logged-in user to read a template without proper authorization. Red Hat and other sources corroborate the issue and note a fix in version 4.3.4. Affected systems should upgrade to 4.3.4 or later to remediate. If ...

CVE-2021-43834 Incorrect Authentication in elabftw

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances wher...

CVE-2021-43833

CVE-2021-43833 affects eLabFTW prior to version 4.2.0, where an authenticated user can gain access to arbitrary accounts by supplying a specially crafted email address. The issue applies to instances lacking an explicit email domain allowlist. Administrators’ and target users’ notifications are n...