Is snipe/snipe-it safe to use?

snipe/snipe-it has 7 known vulnerabilities on the latest version (v8.4.1). DepScope rates its health at 45/100 (high risk).

What is the latest version of snipe/snipe-it?

The latest version of snipe/snipe-it is v8.4.1, released 2026-04-07.

Does snipe/snipe-it have known vulnerabilities?

Yes. snipe/snipe-it has 7 known vulnerabilities. See depscope.dev/pkg/composer/snipe/snipe-it for details.

Is snipe/snipe-it deprecated?

No, snipe/snipe-it is actively maintained. Latest release: v8.4.1 (2026-04-07).

What are alternatives to snipe/snipe-it?

DepScope has no curated alternatives for snipe/snipe-it at this time.

What license does snipe/snipe-it use?

snipe/snipe-it is licensed under AGPL-3.0-or-later.

snipe/snipe-it

composervv8.4.1

Open source asset management system built on Laravel.

License AGPL-3.0-or-later275 versions54 deps

grokability/snipe-it

/ 100

Health

update required

snipe/[email protected] has vulnerabilities — update to latest

Update to >= 6.0.0-GM to fix known vulnerabilities

2 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

5/25

security

15/15

maturity

0/15

community

Vulnerabilities

2 high5 medium

Advisories (7)

Severity	ID	Summary	Fixed in
medium	CVE-2021-3931	snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)	—
high	CVE-2021-4075	Server-Side Request Forgery in snipe/snipe-it	6.0.0-GM
medium	CVE-2025-64027	Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow	—
high	CVE-2024-51093	Cross Site Scripting vulnerability in Snipe-IT	—
medium	CVE-2022-44381	Snipe-IT allows attackers to check whether a user account exists	—
medium	CVE-2022-32060	Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings	—
medium	CVE-2022-32061	Snipe-IT 6.0.2 vulnerable to Cross-site Scripting	—

Health History

Dependency Tree

License Audit

Dependencies (54)

php ext-curl ext-fileinfo ext-iconv ext-json ext-mbstring ext-pdo alek13/slack arietimmerman/laravel-scim-server bacon/bacon-qr-code doctrine/cache doctrine/dbal doctrine/instantiator eduardokum/laravel-mail-auto-embed elibyy/tcpdf-laravel enshrined/svg-sanitize erusev/parsedown fakerphp/faker guzzlehttp/guzzle intervention/image javiereguiluz/easyslugger laravel-notification-channels/google-chat laravel-notification-channels/microsoft-teams laravel/framework laravel/helpers laravel/passport laravel/slack-notification-channel laravel/socialite laravel/tinker laravel/ui league/csv league/flysystem-aws-s3-v3 livewire/livewire neitanod/forceutf8 nesbot/carbon nunomaduro/collision okvpn/clock-lts onelogin/php-saml onnov/detect-encoding osa-eg/laravel-teams-notification paragonie/constant_time_encoding paragonie/sodium_compat phpdocumentor/reflection-docblock phpspec/prophecy pragmarx/google2fa-laravel rollbar/rollbar-laravel spatie/laravel-backup spatie/laravel-ignition tabuna/breadcrumbs tecnickcom/tc-lib-barcode tecnickcom/tc-lib-pdf-font tecnickcom/tcpdf unicodeveloper/laravel-password watson/validating

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/snipe/snipe-it

Last updated · 2026-04-07T18:14:08+00:00