Browse all 4 CVE security advisories affecting Invenio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Invenio is an open-source framework for building digital repositories and library management systems, commonly used by academic and research institutions. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily due to input validation flaws and misconfigurations. While no major public security incidents have been widely reported, the four CVEs on record highlight ongoing security concerns, particularly around authentication and access control. The framework's modular architecture, while flexible, introduces potential attack surfaces that require careful configuration and regular security updates to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-1020006 | invenio-app injection vulnerability — invenio-app | 6.1 | - | 2019-07-29 |
| CVE-2019-1020005 | invenio-communities cross-site scripting vulnerability — invenio-communities | 5.4 | - | 2019-07-29 |
| CVE-2019-1020003 | invenio-records cross-site scripting vulnerability — invenio-records | 5.4 | - | 2019-07-29 |
| CVE-2019-1020019 | invenio-previewer cross-site scripting vulnerability — invenio-previewer | 5.4 | - | 2019-07-29 |
This page lists every published CVE security advisory associated with Invenio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.