Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

firefly-iii — Vulnerabilities & Security Advisories 16

Browse all 16 CVE security advisories affecting firefly-iii. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Firefly-III is a personal finance management tool designed for expense tracking and budgeting. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The application's 16 recorded CVEs highlight consistent security concerns, particularly in input validation and access control. While no major public security incidents have been widely documented, the pattern of vulnerabilities suggests potential risks for users handling sensitive financial data. Regular updates and careful configuration are recommended to mitigate these security issues.

Top products by firefly-iii: firefly-iii/firefly-iii firefly-iii
CVE IDTitleCVSSSeverityPublished
CVE-2024-37893 MFA bypass in oauth flow in Firefly III — firefly-iiiCWE-287 5.9 Medium2024-06-17
CVE-2023-1788 Insufficient Session Expiration in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-613 9.8 -2023-04-05
CVE-2023-1789 Improper Input Validation in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-20 9.1 -2023-04-01
CVE-2023-0298 Incorrect Authorization in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-863 7.1 -2023-01-14
CVE-2021-4005 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-12-04
CVE-2021-4015 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-12-01
CVE-2021-3921 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-11-13
CVE-2021-3901 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-10-27
CVE-2021-3900 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-10-27
CVE-2021-3851 Open Redirect in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-601 5.4 -2021-10-19
CVE-2021-3846 Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-434 8.8 -2021-10-19
CVE-2021-3819 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-09-27
CVE-2021-3730 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-08-23
CVE-2021-3729 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-08-23
CVE-2021-3728 Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-352 4.3 -2021-08-23
CVE-2021-3663 Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii — firefly-iii/firefly-iiiCWE-307 7.5 -2021-07-25

This page lists every published CVE security advisory associated with firefly-iii. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.