Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue.
"https://github.com/pypa/advisory-database/blob/main/vulns/inventree/PYSEC-2026-823.yaml"