Browse all 3 CVE security advisories affecting Invoice Ninja. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Invoice Ninja is an open-source invoicing and billing platform designed for freelancers and small businesses to manage invoices, expenses, and payments. Historically, it has been susceptible to multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, primarily stemming from improper input validation and access control issues. The platform has three documented CVEs, with notable security concerns including insecure default configurations and insufficient session management. While no major public security incidents have been widely reported, the recurring nature of these vulnerabilities highlights the importance of timely updates and hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8700 | Privilege Escalation via get-task-allow entitlement in Invoice Ninja — Invoice NinjaCWE-497 | 7.3AI | HighAI | 2025-08-26 |
| CVE-2025-0474 | Invoice Ninja PDF Rendering Server Side Request Forgery — Invoice NinjaCWE-918 | 7.7 | High | 2025-01-14 |
This page lists every published CVE security advisory associated with Invoice Ninja. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.