VYPR
Vendor

Part DB

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2019-25432HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain…

  • CVE-2025-5007LowMay 20, 2025
    risk 0.16cvss 3.5epss 0.00

    A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the…

  • CVE-2022-0848CriMar 4, 2022
    risk 0.06cvss 9.8epss 0.35

    OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.

  • CVE-2025-55194Aug 13, 2025
    risk 0.00cvss epss 0.00

    Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to…

  • CVE-2023-26042MedFeb 27, 2023
    risk 0.00cvss 6.1epss 0.01

    Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is…