Inventree Security Vulnerabilities and Issues — Inventree CVE List

Lucene search

Inventree ProjectInventree

7 matches found

CVE•added 2022/06/17 1:15 p.m.•62 views

CVE-2022-2111

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.

9CVSS8.7AI score0.00459EPSS

CVE•added 2022/06/17 1:15 p.m.•61 views

CVE-2022-2112

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

9CVSS8.7AI score0.0041EPSS

CVE•added 2022/06/17 1:15 p.m.•50 views

CVE-2022-2113

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.

8.4CVSS5.6AI score0.00435EPSS

CVE•added 2022/09/29 10:15 a.m.•47 views

CVE-2022-3355

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.

8.2CVSS5.6AI score0.00202EPSS

CVE•added 2025/06/03 9:15 p.m.•44 views

CVE-2025-49000

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-serv...

3.5CVSS6.7AI score0.00036EPSS

CVE•added 2022/06/20 3:15 p.m.•43 views

CVE-2022-2134

Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0.

7.1CVSS6.6AI score0.00263EPSS

CVE•added 2024/10/07 9:15 p.m.•40 views

CVE-2024-47610

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed ...

7.3CVSS7AI score0.00105EPSS