Browse all 7 CVE security advisories affecting Akaunting. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Akaunting serves as an open-source accounting platform for small businesses and freelancers, handling financial data management and invoicing. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from insufficient input validation and access control weaknesses. The platform's 7 recorded CVEs highlight recurring problems in areas like file upload mechanisms and user permission management. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its codebase suggests ongoing challenges in secure development practices, particularly for web application components handling sensitive financial operations.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-58293 | Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields | CWE-1336 | 7.2 (AI) | High (AI) | 2025-12-11 |
| CVE-2021-36805 | Akaunting Invoice Footer Persistent XSS | CWE-79 | 5.2 | Medium | 2021-08-04 |
| CVE-2021-36804 | Akaunting Password Reset Relay | CWE-640 | 5.4 | Medium | 2021-08-04 |
| CVE-2021-36803 | Akaunting Avatar Persistent XSS | CWE-79 | 6.3 | Medium | 2021-08-04 |
| CVE-2021-36802 | Akaunting DoS via User-Controlled 'locale' Variable | CWE-248 | 6.5 | Medium | 2021-08-04 |
| CVE-2021-36801 | Akaunting Authentication Bypass in Company Selection | CWE-639 | 8.1 | High | 2021-08-04 |
| CVE-2021-36800 | Akaunting OS Command Injection in 'Money.php' | CWE-94 | 8.7 | High | 2021-08-04 |

This page lists every published CVE security advisory associated with Akaunting. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.