Dolibarr/dolibarr

This hub aggregates every CVE we track for Dolibarr/dolibarr, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Dolibarr/dolibarr.

• CVE-2025-56588Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.8.8Oct 1, 2025
• CVE-2024-55227A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Tit...9.0Jan 27, 2025
• CVE-2024-55228A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title par...9.0Jan 27, 2025
• CVE-2021-3991Improper Authorization in dolibarr/dolibarr4.3Nov 15, 2024
• CVE-2024-40137Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.5.5Jul 24, 2024
• CVE-2024-37821An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.8.8Jun 18, 2024
• CVE-2024-34051A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafte...4.6Jun 3, 2024
• CVE-2024-5315Multiple vulnerabilities in DOLIBARR's ERP CMS9.1May 24, 2024
• CVE-2024-5314Multiple vulnerabilities in DOLIBARR's ERP CMS9.1May 24, 2024
• CVE-2024-31503Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a...7.5Apr 16, 2024
• CVE-2024-29477Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted...8.8Apr 3, 2024
• CVE-2024-23817Dolibarr Application Home Page HTML injection vulnerability7.1Jan 25, 2024
• CVE-2023-4198Dolibarr ERP CRM (<= 17.0.3) Improper Access Control6.5Nov 1, 2023
• CVE-2023-4197Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE7.5Nov 1, 2023
• CVE-2023-5842Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr4.8Oct 30, 2023