Overview · Shelf-nu/shelf.nu · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Server-Side Request Forgery (SSRF) via Asset CSV Import imageUrl Validation Bypass
GHSA-xgrm-8w6v-mvjg published Jun 3, 2026 by DonKoko

High
Cross-organization IDOR: authenticated users could read/attach another workspace's assets, tags, custodians, bookings, QR codes and audit data
GHSA-r46p-gfrp-xxgq published May 19, 2026 by DonKoko

High
SQL Injection via sortBy Parameter
GHSA-69xv-wmgg-3qp3 published Apr 27, 2026 by DonKoko

Moderate

Learn more about advisories related to Shelf-nu/shelf.nu in the GitHub Advisory Database