snipe/snipe-it v0.3.9-alpha | Vulnerabilit… | Sonatype Guide
snipe-it v0.3.9-alpha
snipe
Published
Jul 3, 2014
composer Registry
Developer Trust Score
N/A
Versions: 275
Vulnerabilities: 55
Dependencies: 0
Severity: Critical (0), High (13), Medium (0), Low (0)
Sort: Published (Newest first)
8.8
CVE-2025-15602
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
affected
Severity
High
Published
Mar 10, 2026
8.1
CVE-2025-59713
Snipe-IT before 8.1.18 allows unsafe deserialization.
affected
Severity
High
Published
Sep 24, 2025
8.7
CVE-2024-51093
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
affected
Severity
High
Published
Nov 13, 2024
8.1
CVE-2024-5685
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.
affected
Severity
High
Published
Jun 17, 2024
8.8
CVE-2023-5511
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
affected
Severity
High
Published
Oct 11, 2023
7.3
sonatype-2022-5740
snipe-it - Improper Neutralization of Formula Elements in a CSV File
affected
Severity
High
Published
Oct 3, 2022
8.0
CVE-2022-2997
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
affected
Severity
High
Published
Aug 26, 2022
7.5
sonatype-2022-2830
snipe-it - Integer Overflow
affected
Severity
High
Published
May 16, 2022
7.4
CVE-2022-1155
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
affected
Severity
High
Published
Mar 31, 2022
8.8
CVE-2022-0611
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
affected
Severity
High
Published
Feb 15, 2022
8.8
CVE-2021-4130
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
affected
Severity
High
Published
Dec 20, 2021
7.2
CVE-2021-4075
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
affected
Severity
High
Published
Dec 7, 2021
8.8
CVE-2021-3858
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
affected
Severity
High
Published
Oct 5, 2021