Shelf-nu/shelf.nu

Releases87

Frequency1 week 5 days

Last Release 17 days ago

Stars2.62K

A free open source IT asset / Equipment / management and scheduling system.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44204 ↗	May 12, 2026Tuesday, 12 May 2026, 18:17	6.5 MEDIUM	—
Shelf is a platform for tracking physical assets. From 1.12 to before 1.20.1, a SQL injection vulnerability in the sortBy query parameter on the /assets route allows any authenticated user (any role) to execute arbitrary SQL and read data from any table in the database, including data belonging to other organizations. This vulnerability is fixed in 1.20.1.