Part Db

part-db

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-55194 1Part Db Project 1Part Db Aug 26, 2025 Aug 13, 2025 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting i...Show more Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user’s profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3.Show less
CVE-2023-26042 1Part Db Project 1Part Db Nov 21, 2024 Feb 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Se...Show more Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds, please upgrade to Pat-DB 1.0.2 or later.Show less
CVE-2022-0848 1Part Db Project 1Part Db Nov 21, 2024 Mar 4, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.