Firefly III

firefly-iii.org
Awesome PrivacyFinanceSecure BudgetingFirefly III
Firefly III

A free and open source personal finance manager. Firefly III features a clean and clear UI, is easy to set up and use, and is backed by a strong community. Regular updates bring new features, improvements, and fixes. There's also a hass.io addon, and compatibility with Home Assistant. Ensure your server is securely configured.

Avoid

  • mint
  • you need a budget (ynab)
  • pocketguard
  • quicken
  • goodbudget

Also Consider

Open Source

Firefly III Source Code

Author

firefly-iii

Description

Firefly III: a personal finances manager

#accounting#budget#budgeting#budgets#cash-flow#cashflow#credit-card#docker#expenses#finance#finances#financial#linux#money#paycheck#personal-finance#php#php7

Homepage

https://firefly-iii.org/

License

AGPL-3.0

Created

28 Jun 14

Last Updated

09 Jun 26

Latest version

v6.6.3

Primary Language

PHP

Size

314,972 KB

Stars

23,662

Forks

2,193

Watchers

23,662

Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

  • James Cole (29 May 26)

    Merge pull request #12302 from firefly-iii/dependabot/composer/composer-ae8d2872ee

  • dependabot[bot] (29 May 26)

    Bump symfony/polyfill-intl-idn in the composer group across 1 directory Bumps the composer group with 1 update in the / directory: [symfony/polyfill-intl-idn](https://github.com/symfony/polyfill-intl-idn). Updates `symfony/polyfill-intl-idn` from 1.37.0 to 1.38.1 - [Release notes](https://github.com/symfony/polyfill-intl-idn/releases) - [Commits](https://github.com/symfony/polyfill-intl-idn/compare/v1.37.0...v1.38.1) --- updated-dependencies: - dependency-name: symfony/polyfill-intl-idn dependency-version: 1.38.1 dependency-type: indirect dependency-group: composer ... Signed-off-by: dependabot[bot] <[email protected]>

  • James Cole (28 May 26)

    Update lock-threads action to use dessant version Signed-off-by: James Cole <[email protected]>

  • James Cole (28 May 26)

    Merge pull request #12298 from firefly-iii/dependabot/npm_and_yarn/npm_and_yarn-6ec3e26c6e

  • dependabot[bot] (28 May 26)

    Bump tmp in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [tmp](https://github.com/raszi/node-tmp). Updates `tmp` from 0.2.5 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

  • James Cole (21 May 26)

    Remove AI assistance disclosure comments Removed AI assistance disclosure comments from the workflow. Signed-off-by: James Cole <[email protected]>

  • github-actions[bot] (21 May 26)

    Merge pull request #12276 from firefly-iii/develop 🤖 Automatically merge the PR into the main branch.

  • github-actions[bot] (21 May 26)

    Merge pull request #12275 from firefly-iii/release-1779339576 🤖 Automatically merge the PR into the develop branch.

  • JC5 (21 May 26)

    🤖 Auto commit for release 'v6.6.3' on 2026-05-21

  • github-actions[bot] (21 May 26)

    Merge pull request #12274 from firefly-iii/release-1779338975 🤖 Automatically merge the PR into the develop branch.

  • JC5 (21 May 26)

    🤖 Auto commit for release 'develop' on 2026-05-21

  • James Cole (21 May 26)

    Fix mago issues.

  • James Cole (21 May 26)

    Fix issues.

  • James Cole (21 May 26)

    Lots of mago fixes applied.

  • github-actions[bot] (21 May 26)

    Merge pull request #12273 from firefly-iii/release-1779337714 🤖 Automatically merge the PR into the develop branch.

  • JC5 (21 May 26)

    🤖 Auto commit for release 'develop' on 2026-05-21

  • James Cole (21 May 26)

    Fix date fns

  • James Cole (21 May 26)

    Merge branch 'main' into develop

  • James Cole (21 May 26)

    Fix patch and lock version.

  • James Cole (21 May 26)

    Update pr-reply-no-disclosure.yml Signed-off-by: James Cole <[email protected]>

  • James Cole (20 May 26)

    Update changelog.

  • github-actions[bot] (20 May 26)

    Merge pull request #12272 from firefly-iii/release-1779302299 🤖 Automatically merge the PR into the develop branch.

  • JC5 (20 May 26)

    🤖 Auto commit for release 'develop' on 2026-05-20

  • James Cole (20 May 26)

    Fix broken if statement

  • James Cole (20 May 26)

    Expand changelog

  • James Cole (20 May 26)

    Merge branch 'main' into develop

  • James Cole (20 May 26)

    Merge pull request #12271 from alanturing881/fix/stored-xss-ale-piggy-name Fix stored XSS in audit log view via piggy bank name (ale.twig)

  • James Cole (20 May 26)

    Update pr-reply-no-disclosure.yml Signed-off-by: James Cole <[email protected]>

  • iaohkut (20 May 26)

    Fix stored XSS in ALE view by HTML-escaping piggy bank name The Twig template ale.twig rendered the piggy bank name from AuditLogEntry.after.piggy using |raw, bypassing auto-escaping. A user-controlled name containing HTML (e.g. <img onerror=...>) would execute as JavaScript in any browser viewing the transaction audit log (CWE-79). Apply |e filter to escape only the user-controlled `name` parameter before substitution into the trans() string. The |raw filter is preserved because the `amount` parameter legitimately contains <span> tags for currency styling. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

  • James Cole (19 May 26)

    Enhance PR workflow to check for author Added logic to check for the author of the pull request. Signed-off-by: James Cole <[email protected]>

Firefly III Security

4.7/10

Repo Security Summary

Updated 01 Jun 26

  • Code-Review 1/10
  • Packaging N/A
  • Dangerous-Workflow N/A
  • Token-Permissions N/A
  • Maintained 10/10
  • Security-Policy 0/10
  • CII-Best-Practices 2/10
  • Binary-Artifacts 10/10
  • License 10/10
  • Pinned-Dependencies N/A
  • Signed-Releases 8/10
  • Fuzzing 0/10
  • Branch-Protection 3/10
  • SAST 0/10

Security Advisories (4)

Firefly III Website

Website

Firefly III - A free and open source personal finance manager

Firefly III

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address 104.21.62.170
  • Location San Francisco, California, United States of America, NA
  • ISP CloudFlare Inc.
  • ASN AS13335

Associated Countries

  • US US
  • DE DE
  • CH CH

Safety Score

Website marked as safe

100%

Blacklist Check

www.firefly-iii.org was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview
View full report at web-check.xyz

Firefly III Reviews

More Secure Budgeting

View More...

About the Data: Firefly III

API

You can access Firefly III's data programmatically via our API. Simply make a GET request to: 

https://api.awesome-privacy.xyz/v1/services/firefly-iii

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Firefly III

Help your friends compare Secure Budgeting, and pick privacy-respecting software and services.
Share Firefly III and Awesome Privacy with your network!

View Secure Budgeting (6)
Next →

GnuCash