Security: inventree/InvenTree
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Uncontrolled memory allocation via built-in label-sheet plugin (GHSA-m2ch-h84r-p9r6), published Jun 2, 2025 by SchrodingersGat. Severity: Low
- SSRF - exposes server port/internal IP (GHSA-vx3h-qwqw-r2wq), published Oct 2, 2024 by SchrodingersGat. Severity: Moderate
- Stored XSS Vulnerability in Markdown Editor (GHSA-wp3m-jhgv-rhqr), published Oct 6, 2024 by SchrodingersGat. Severity: High
- API bypasses MFA Requirements (GHSA-2crp-q9pc-457j), published May 24, 2024 by SchrodingersGat. Severity: High
- Stored XSS via SVG File (GHSA-6rvx-85f8-rcgc), published Sep 24, 2022 by SchrodingersGat. Severity: Moderate
- No limit set on "notes" fields (GHSA-mmm6-rwf8-ghv3), published Jun 20, 2022 by SchrodingersGat. Severity: Moderate
- Attachments can be created and edited by user with read-only permissions (GHSA-525m-qp9h-6p52), published Jun 18, 2022 by SchrodingersGat. Severity: Moderate
- Password reset provides information on email accounts (GHSA-v376-fwpp-7qhp), published Jun 18, 2022 by SchrodingersGat. Severity: Moderate
- Authentication token not required to disable 2FA (GHSA-8j76-mm54-52xq), published Jun 23, 2022 by SchrodingersGat. Severity: Moderate
- XSS Vulnerability in Markdown Editor (GHSA-85q9-7467-r53q), published Jun 16, 2022 by SchrodingersGat. Severity: High