Vulnerabilities in inventree
15 results

CVE-2022-2112 | CRITICAL | Improper Neutralization of Formula Elements in a CSV File in inventree/inventree | EPSS 1.2%
CVE-2022-2111 | CRITICAL | Unrestricted Upload of File with Dangerous Type in inventree/inventree | EPSS 1.2%
CVE-2022-2134 | HIGH | Allocation of Resources Without Limits or Throttling in inventree/inventree | EPSS 0.8%
CVE-2022-2113 | HIGH | Cross-site Scripting (XSS) - Stored in inventree/inventree | EPSS 0.7%
CVE-2022-3355 | HIGH | Cross-site Scripting (XSS) - Stored in inventree/inventree | EPSS 0.6%
CVE-2026-35478 | HIGH | InvenTree has Arbitrary API Token Creation | EPSS 0.3%
CVE-2024-47610 | HIGH | Stored Cross-site Scripting Vulnerability in Markdown Editor | EPSS 0.3%
CVE-2026-33531 | MEDIUM | InvenTree has Path Traversal In Report Templates | EPSS 0.3%
CVE-2025-49000 | LOW | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin | EPSS 0.3%
CVE-2026-27629 | MEDIUM | InvenTree Vulnerable to Server Side Template Injection (SSTI) | EPSS 0.3%
CVE-2026-35477 | MEDIUM | InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape | EPSS 0.3%
CVE-2026-39362 | MEDIUM | InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs | EPSS 0.2%
CVE-2026-35479 | MEDIUM | InvenTree Plugin Installation - Insufficient Permissions | EPSS 0.2%
CVE-2026-33530 | HIGH | InvenTree Vulnerable to ORM Filter Injection | EPSS 0.2%
CVE-2026-35476 | HIGH | InvenTree Affected by Privilege Escalation via API | EPSS 0.1%