VYPR

Fastapiadmin

by Fastapiadmin

Source repositories

CVEs (9)

  • CVE-2026-36724MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.

  • CVE-2026-2979MedFeb 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The…

  • CVE-2026-2978MedFeb 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted…

  • CVE-2026-2977MedFeb 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is…

  • CVE-2024-42818MedAug 26, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

  • CVE-2024-42816MedAug 26, 2024
    risk 0.40cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

  • CVE-2026-36728MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.

  • CVE-2026-2976MedFeb 23, 2026
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes…

  • CVE-2026-2975Feb 23, 2026
    risk 0.00cvss epss 0.00

    A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The…