Invoiceninja Invoice Ninja — known CVE vulnerabilities
Every CVE whose affected-product data names Invoiceninja Invoice Ninja, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-33898 — CVSS 8.1 (high): In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an…
CVE-2026-29925 — CVSS 7.7 (high): Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.
CVE-2017-1000466 — CVSS 5.4 (medium): Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result…
CVE-2021-3977 — CVSS 5.4 (medium): invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-33628 — CVSS 5.4 (medium): Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in…
CVE-2026-33742 — CVSS 5.4 (medium): Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja…