Known vulnerabilities in Frappe ERPNext 16.8.0

Vendor: Frappe
Website: https://frappe.io/
Total Security Bulletins: 7

Security bulletins (7)

Secuity bulletin Severity Status Published
SB2026043027: SQL injection in ERPNext Medium
Patched
30.04.2026
SB2026043026: SQL injection in ERPNext Medium
Patched
30.04.2026
SB2026043025: Missing Authorization in ERPNext Low
Patched
30.04.2026
SB2026043024: Server-Side Request Forgery (SSRF) in ERPNext Low
Patched
30.04.2026
SB2026043023: Path traversal in ERPNext Low
Patched
30.04.2026
SB2026043015: Missing Authorization in ERPNext Medium
Patched
30.04.2026
SB2026043014: Multiple vulnerabilities in ERPNext Medium
Patched
30.04.2026