Known vulnerabilities in Frappe ERPNext

Vendor: Frappe
Website: https://frappe.io/
Total Security Bulletins: 16

Security bulletins (16)

Secuity bulletin Severity Status Published
SB2026043027: SQL injection in ERPNext Medium
Patched
30.04.2026
SB2026043026: SQL injection in ERPNext Medium
Patched
30.04.2026
SB2026043025: Missing Authorization in ERPNext Low
Patched
30.04.2026
SB2026043024: Server-Side Request Forgery (SSRF) in ERPNext Low
Patched
30.04.2026
SB2026043023: Path traversal in ERPNext Low
Patched
30.04.2026
SB2026043015: Missing Authorization in ERPNext Medium
Patched
30.04.2026
SB2026043014: Multiple vulnerabilities in ERPNext Medium
Patched
30.04.2026
SB2026042479: SQL injection in ERPNext Low
Patched
24.04.2026
SB2026042478: SQL injection in ERPNext Medium
Patched
24.04.2026
SB2026042477: Cross-site scripting in ERPNext Medium
Patched
24.04.2026
SB2026042476: SQL injection in ERPNext Medium
Patched
24.04.2026
SB2026022318: Improper access control in ERPNext Medium
Patched
23.02.2026
SB2020080512: SQL injection in ERPNext Medium
Patched
05.08.2020
SB2020031832: Multiple vulnerabilities in Frappe ERPNext Medium
Patched
18.03.2020
SB2018121129: SQL injection in Frappe ERPNext Medium
Patched
11.12.2018
SB2018091213: Multiple vulnerabilities in Frappe ERPNext High
Patched
12.09.2018