Browse all 3 CVE security advisories affecting Grocy project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Grocy is a self-hosted grocery and household management system designed for inventory tracking, shopping list organization, and recipe management. Historically, the project has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with three CVEs currently documented. While no major security incidents have been widely reported, the presence of RCE vulnerabilities in past versions highlights potential risks for self-hosted deployments. Users are advised to maintain updated installations to mitigate known security exposures, as the project's web interface and API endpoints have previously been entry points for unauthorized access and system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-55074 | Grocy 安全漏洞 — GrocyCWE-79 | 8.8 | High | 2025-01-06 |
| CVE-2024-55075 | Grocy 安全漏洞 — GrocyCWE-425 | 4.3 | Medium | 2025-01-06 |
| CVE-2024-55076 | Grocy 安全漏洞 — GrocyCWE-352 | 8.1 | High | 2025-01-06 |
This page lists every published CVE security advisory associated with Grocy project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.