ERPNext Security Bulletin

This security bulletin contains detailed information about vulnerabilities affecting the Frappe Framework and ERPNext.


Reference       Reported By          Affected Applications    Severity
--------------  -------------------  -----------------------  ---------
CVE-2019-7531   Brian Hyde           Frappe v11               Important
CVE-2019-14966  Eugene Kolodenker    Frappe, ERPNext          Critical
CVE-2019-14965  Eugene Kolodenker    Frappe, ERPNext          Moderate
CVE-2019-14967  Netsparker           Frappe Framework         Moderate
CVE-2019-7528   Mikhail Klyuchnikov  Frappe v12, ERPNext v12  Moderate
CVE-2019-7530   Mikhail Klyuchnikov  Frappe v12, ERPNext v12  Important
CVE-2019-7532   Mikhail Klyuchnikov  Frappe v12               Moderate
CVE-2019-7533   Mikhail Klyuchnikov  Frappe v12               Critical
CVE-2019-7529   Anonymous            Frappe v10               Moderate
CVE-2018-20207  felixvarghese        Frappe v10               Moderate
CVE-2019-7534   Brian Hyde           Frappe v10               Moderate
CVE-2019-7527   Kent Bayron          Frappe v10, ERPNext v10  Moderate