frappe/hrms

frappe/hrms

Releases308

Frequency4 days 9 hours

Last Release 1 day ago

Stars8.06K

Open Source HR and Payroll Software

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-45081 ↗	May 27, 2026Wednesday, 27 May 2026, 18:16	6.5 MEDIUM	—
Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.
CVE-2026-41320 ↗	Apr 21, 2026Tuesday, 21 April 2026, 20:17	6.5 MEDIUM	—
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14.38.1 contain a patch. No known workarounds are available.
CVE-2026-40888 ↗	Apr 21, 2026Tuesday, 21 April 2026, 20:17	—	—
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available.
CVE-2026-40889 ↗	Apr 21, 2026Tuesday, 21 April 2026, 20:17	6.5 MEDIUM	—
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.