{"package":"snipe/snipe-it","ecosystem":"composer","latest_version":"v8.4.1","description":"Open source asset management system built on Laravel.","license":"AGPL-3.0-or-later","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"","repository":"https://github.com/grokability/snipe-it","downloads_weekly":0,"health":{"score":45,"risk":"high","breakdown":{"maintenance":25,"popularity":0,"security":5,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":7,"critical":0,"high":2,"medium":5,"low":0,"details":[{"vuln_id":"CVE-2021-3931","severity":"medium","summary":"snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)","affected_versions":"<=5.3.1|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1","fixed_version":null,"source":"osv","published_at":"2021-11-15T23:19:09Z","in_kev":false,"epss_prob":0.00128,"epss_percentile":0.31751,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-4075","severity":"high","summary":"Server-Side Request Forgery in snipe/snipe-it","affected_versions":"<6.0.0-GM|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4","fixed_version":"6.0.0-GM","source":"osv","published_at":"2021-12-10T20:22:15Z","in_kev":false,"epss_prob":0.00274,"epss_percentile":0.50819,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-64027","severity":"medium","summary":"Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow","affected_versions":"<=8.3.4|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4|=v6.0.0|=v6.0.0-RC-1|=v6.0.0-RC-2|=v6.0.0-RC-3|=v6.0.0-RC-4|=v6.0.0-RC-5|=v6.0.0-RC-6|=v6.0.0-RC-7|=v6.0.0-RC-8|=v6.0.1|=v6.0.10|=v6.0.11|=v6.0.12|=v6.0.13|=v6.0.14|=v6.0.2|=v6.0.3|=v6.0.4|=v6.0.5|=v6.0.6|=v6.0.7|=v6.0.8|=v6.0.9|=v6.1.0|=v6.1.1|=v6.1.2|=v6.2.0|=v6.2.1|=v6.2.2|=v6.2.3|=v6.3.0|=v6.3.1|=v6.3.2|=v6.3.3|=v6.3.4|=v6.4.0|=v6.4.1|=v6.4.2|=v7.0.0|=v7.0.1|=v7.0.10|=v7.0.11|=v7.0.12|=v7.0.13|=v7.0.2|=v7.0.3|=v7.0.4|=v7.0.5|=v7.0.6|=v7.0.7|=v7.0.8|=v7.0.9|=v7.1.14|=v7.1.15|=v7.1.16|=v7.1.17|=v8.0.0|=v8.0.1|=v8.0.2|=v8.0.3|=v8.0.4|=v8.1.0|=v8.1.1|=v8.1.15|=v8.1.16|=v8.1.17|=v8.1.18|=v8.1.2|=v8.1.3|=v8.1.4|=v8.2.0|=v8.2.1|=v8.3.0|=v8.3.1|=v8.3.2|=v8.3.3|=v8.3.4","fixed_version":null,"source":"osv","published_at":"2025-11-20T18:31:01Z","in_kev":false,"epss_prob":0.0001,"epss_percentile":0.01121,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-51093","severity":"high","summary":"Cross Site Scripting vulnerability in Snipe-IT","affected_versions":"<=7.0.13|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4|=v6.0.0|=v6.0.0-RC-1|=v6.0.0-RC-2|=v6.0.0-RC-3|=v6.0.0-RC-4|=v6.0.0-RC-5|=v6.0.0-RC-6|=v6.0.0-RC-7|=v6.0.0-RC-8|=v6.0.1|=v6.0.10|=v6.0.11|=v6.0.12|=v6.0.13|=v6.0.14|=v6.0.2|=v6.0.3|=v6.0.4|=v6.0.5|=v6.0.6|=v6.0.7|=v6.0.8|=v6.0.9|=v6.1.0|=v6.1.1|=v6.1.2|=v6.2.0|=v6.2.1|=v6.2.2|=v6.2.3|=v6.3.0|=v6.3.1|=v6.3.2|=v6.3.3|=v6.3.4|=v6.4.0|=v6.4.1|=v6.4.2|=v7.0.0|=v7.0.1|=v7.0.10|=v7.0.11|=v7.0.12|=v7.0.13|=v7.0.2|=v7.0.3|=v7.0.4|=v7.0.5|=v7.0.6|=v7.0.7|=v7.0.8|=v7.0.9","fixed_version":null,"source":"osv","published_at":"2024-11-12T21:30:55Z","in_kev":false,"epss_prob":0.00307,"epss_percentile":0.53859,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-44381","severity":"medium","summary":"Snipe-IT allows attackers to check whether a user account exists","affected_versions":"<=6.0.14|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4|=v6.0.0|=v6.0.0-RC-1|=v6.0.0-RC-2|=v6.0.0-RC-3|=v6.0.0-RC-4|=v6.0.0-RC-5|=v6.0.0-RC-6|=v6.0.0-RC-7|=v6.0.0-RC-8|=v6.0.1|=v6.0.10|=v6.0.11|=v6.0.12|=v6.0.13|=v6.0.14|=v6.0.2|=v6.0.3|=v6.0.4|=v6.0.5|=v6.0.6|=v6.0.7|=v6.0.8|=v6.0.9","fixed_version":null,"source":"osv","published_at":"2022-12-25T06:30:21Z","in_kev":false,"epss_prob":0.00241,"epss_percentile":0.47287,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-32060","severity":"medium","summary":"Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings","affected_versions":"<=6.0.2|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4|=v6.0.0|=v6.0.0-RC-1|=v6.0.0-RC-2|=v6.0.0-RC-3|=v6.0.0-RC-4|=v6.0.0-RC-5|=v6.0.0-RC-6|=v6.0.0-RC-7|=v6.0.0-RC-8|=v6.0.1|=v6.0.2","fixed_version":null,"source":"osv","published_at":"2022-07-08T00:00:42Z","in_kev":false,"epss_prob":0.05171,"epss_percentile":0.89929,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-32061","severity":"medium","summary":"Snipe-IT 6.0.2 vulnerable to Cross-site Scripting","affected_versions":"<=6.0.2|=3.2.0|=v0.1.0|=v0.1.1|=v0.1.2|=v0.2.0|=v0.3.0-alpha|=v0.3.10-alpha|=v0.3.11-alpha|=v0.3.7-alpha|=v0.3.8-alpha|=v0.3.9-alpha|=v1.0|=v1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.2|=v1.2.3|=v1.2.3-beta|=v1.2.4|=v1.2.4-beta|=v1.2.5|=v1.2.6|=v1.2.6-beta|=v1.2.6.1|=v1.2.7|=v1.2.7-beta|=v1.2.8|=v1.2.9|=v2.0|=v2.0-RC-1|=v2.0-beta|=v2.0.1|=v2.0.2|=v2.0.3|=v2.0.4|=v2.0.5|=v2.0.6|=v2.1.0|=v2.1.1|=v2.1.2|=v3.0|=v3.0-alpha|=v3.0-alpha2|=v3.0-beta.1|=v3.0-beta.2|=v3.0-beta.3|=v3.0.0-beta|=v3.1.0|=v3.3.0|=v3.3.0-beta|=v3.4|=v3.4.0-alpha|=v3.4.0-beta|=v3.5.0|=v3.5.0-beta|=v3.5.0-beta2|=v3.5.1|=v3.5.2|=v3.6.0|=v3.6.1|=v3.6.2|=v3.6.3|=v3.6.4|=v3.6.5|=v3.6.6|=v4-beta3|=v4-beta4|=v4.0|=v4.0-alpha|=v4.0-alpha-2|=v4.0-beta|=v4.0-beta2|=v4.0-beta5|=v4.0-beta6|=v4.0.1|=v4.0.10|=v4.0.11|=v4.0.12|=v4.0.13|=v4.0.14|=v4.0.15|=v4.0.2|=v4.0.3|=v4.0.4|=v4.0.5|=v4.0.6|=v4.0.7|=v4.0.8|=v4.0.9|=v4.1.0|=v4.1.0-beta|=v4.1.0-beta2|=v4.1.1|=v4.1.10|=v4.1.11|=v4.1.12|=v4.1.13|=v4.1.14|=v4.1.2|=v4.1.3|=v4.1.4|=v4.1.5|=v4.1.6|=v4.1.7|=v4.1.8|=v4.1.9|=v4.2.0|=v4.3.0|=v4.4.0|=v4.4.1|=v4.5.0|=v4.6.0|=v4.6.1|=v4.6.10|=v4.6.11|=v4.6.12|=v4.6.13|=v4.6.14|=v4.6.15|=v4.6.16|=v4.6.17|=v4.6.18|=v4.6.2|=v4.6.3|=v4.6.4|=v4.6.5|=v4.6.6|=v4.6.7|=v4.6.8|=v4.6.9|=v4.7.0|=v4.7.1|=v4.7.2|=v4.7.3|=v4.7.4|=v4.7.5|=v4.7.6|=v4.7.7|=v4.7.8|=v4.8.0|=v4.9.0|=v4.9.1|=v4.9.2|=v4.9.3|=v4.9.4|=v4.9.5|=v5.0.0|=v5.0.0-beta-1.0|=v5.0.0-beta-1.1|=v5.0.0-beta-2|=v5.0.0-beta-3.0|=v5.0.0-beta-4|=v5.0.0-beta-5|=v5.0.1|=v5.0.10|=v5.0.11|=v5.0.12|=v5.0.2|=v5.0.3|=v5.0.4|=v5.0.5|=v5.0.6|=v5.0.7|=v5.0.8|=v5.0.9|=v5.1.0|=v5.1.1|=v5.1.2|=v5.1.3|=v5.1.4|=v5.1.5|=v5.1.6|=v5.1.7|=v5.1.8|=v5.2.0|=v5.3.0|=v5.3.1|=v5.3.10|=v5.3.2|=v5.3.3|=v5.3.4|=v5.3.5|=v5.3.6|=v5.3.7|=v5.3.8|=v5.3.9|=v5.4.0|=v5.4.1|=v5.4.2|=v5.4.3|=v5.4.4|=v6.0.0|=v6.0.0-RC-1|=v6.0.0-RC-2|=v6.0.0-RC-3|=v6.0.0-RC-4|=v6.0.0-RC-5|=v6.0.0-RC-6|=v6.0.0-RC-7|=v6.0.0-RC-8|=v6.0.1|=v6.0.2","fixed_version":null,"source":"osv","published_at":"2022-07-08T00:00:42Z","in_kev":false,"epss_prob":0.00429,"epss_percentile":0.6257,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v8.4.1","total_count":275,"recent":["v8.4.1","v8.4.0","v8.3.7","v8.3.6","v8.3.5","v8.3.4","v8.3.3","v8.3.2","v8.3.1","v8.3.0","v8.2.1","v8.2.0","v8.1.18","v8.1.17","v8.1.16","v8.1.15","v8.1.4","v8.1.3","v8.1.2","v8.1.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-07T18:14:08+00:00","dependencies_count":54,"dependencies":["php","ext-curl","ext-fileinfo","ext-iconv","ext-json","ext-mbstring","ext-pdo","alek13/slack","arietimmerman/laravel-scim-server","bacon/bacon-qr-code","doctrine/cache","doctrine/dbal","doctrine/instantiator","eduardokum/laravel-mail-auto-embed","elibyy/tcpdf-laravel","enshrined/svg-sanitize","erusev/parsedown","fakerphp/faker","guzzlehttp/guzzle","intervention/image","javiereguiluz/easyslugger","laravel-notification-channels/google-chat","laravel-notification-channels/microsoft-teams","laravel/framework","laravel/helpers","laravel/passport","laravel/slack-notification-channel","laravel/socialite","laravel/tinker","laravel/ui","league/csv","league/flysystem-aws-s3-v3","livewire/livewire","neitanod/forceutf8","nesbot/carbon","nunomaduro/collision","okvpn/clock-lts","onelogin/php-saml","onnov/detect-encoding","osa-eg/laravel-teams-notification","paragonie/constant_time_encoding","paragonie/sodium_compat","phpdocumentor/reflection-docblock","phpspec/prophecy","pragmarx/google2fa-laravel","rollbar/rollbar-laravel","spatie/laravel-backup","spatie/laravel-ignition","tabuna/breadcrumbs","tecnickcom/tc-lib-barcode","tecnickcom/tc-lib-pdf-font","tecnickcom/tcpdf","unicodeveloper/laravel-password","watson/validating"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["2 high severity vulnerabilities"],"use_version":"v8.4.1","version_hint":"Update to >= 6.0.0-GM to fix known vulnerabilities","summary":"snipe/snipe-it@v8.4.1 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1580,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":23,"avg_days_between_releases":null,"release_velocity":"active"}}