snipe/snipe-it v0.3.9-alpha | Vulnerabilit… | Sonatype Guide
snipe-it v0.3.9-alpha
snipe
Published: Jul 3, 2014
composer Registry
Developer Trust Score: N/A
Versions: 275
Vulnerabilities: 55
Dependencies: 0
Severity: Critical (0), High (0), Medium (42), Low (0)
Sort: Published (Newest first)
CVE-2019-25264
CVSS 6.4 | Severity: Medium | Published: Feb 6, 2026 | affected
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
CVE-2025-65622
CVSS 5.4 | Severity: Medium | Published: Dec 4, 2025 | affected
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
CVE-2025-65621
CVSS 5.4 | Severity: Medium | Published: Dec 3, 2025 | affected
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
CVE-2025-63601
CVSS 5.3 | Severity: Medium | Published: Nov 6, 2025 | affected
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
CVE-2025-59712
CVSS 5.4 | Severity: Medium | Published: Sep 24, 2025 | affected
Snipe-IT before 8.1.18 allows XSS.
CVE-2024-48987
CVSS 6.6 | Severity: Medium | Published: Oct 14, 2024 | affected
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
sonatype-2023-4422
CVSS 6.8 | Severity: Medium | Published: Oct 13, 2023 | affected
github.com/snipe/snipe-it - Cross-Site Request Forgery (CSRF)
CVE-2023-5452
CVSS 5.4 | Severity: Medium | Published: Oct 13, 2023 | affected
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVE-2021-36713
CVSS 6.1 | Severity: Medium | Published: Mar 8, 2023 | affected
Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.
CVE-2022-44380
CVSS 5.4 | Severity: Medium | Published: Jan 2, 2023 | affected
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVE-2022-44381
CVSS 5.3 | Severity: Medium | Published: Dec 14, 2022 | affected
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
CVE-2022-3173
CVSS 4.3 | Severity: Medium | Published: Sep 19, 2022 | affected
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3035
CVSS 4.8 | Severity: Medium | Published: Aug 31, 2022 | affected
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CVE-2022-32060
CVSS 4.8 | Severity: Medium | Published: Jul 11, 2022 | affected
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-32061
CVSS 4.8 | Severity: Medium | Published: Jul 11, 2022 | affected
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
sonatype-2022-3694
CVSS 6.5 | Severity: Medium | Published: Jun 23, 2022 | affected
snipe-it - Information Exposure Through an Error Message
CVE-2022-1511
CVSS 6.5 | Severity: Medium | Published: Apr 29, 2022 | affected
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
CVE-2022-1445
CVSS 5.4 | Severity: Medium | Published: Apr 25, 2022 | affected
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie.
CVE-2022-1380
CVSS 5.4 | Severity: Medium | Published: Apr 18, 2022 | affected
Stored Cross Site Scripting vulnerability in the Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stealing the user's cookie.
sonatype-2022-2107
CVSS 6.1 | Severity: Medium | Published: Apr 11, 2022 | affected
snipe-it - Cross-site Scripting (XSS)
sonatype-2021-4898
CVSS 5.3 | Severity: Medium | Published: Mar 10, 2022 | affected
snipe-it - Insufficient Granularity of Access Control
sonatype-2021-4897
CVSS 6.8 | Severity: Medium | Published: Mar 10, 2022 | affected
snipe-it - Cross-Site Request Forgery (CSRF)
sonatype-2021-4895
CVSS 5.4 | Severity: Medium | Published: Mar 3, 2022 | affected
snipe-it - The UI Performs the Wrong Action
CVE-2022-0622
CVSS 5.3 | Severity: Medium | Published: Feb 17, 2022 | affected
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0569
CVSS 4.3 | Severity: Medium | Published: Feb 15, 2022 | affected
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
1-25 of 42