Affected by GO-2026-4480 and 21 other vulnerabilities
GO-2026-4480: Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api
GO-2026-4551: Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api
GO-2026-4552: Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
GO-2026-4553: Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api
GO-2026-4556: Vikunja has Path Traversal in CLI Restore in code.vikunja.io/api
GO-2026-4575: Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse in code.vikunja.io/api
GO-2026-4791: Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers in code.vikunja.io/api
GO-2026-4794: Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api
GO-2026-4795: Vikunja read-only users can delete project background images via broken object-level authorization in code.vikunja.io/api
GO-2026-4797: Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api
GO-2026-4798: Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement in code.vikunja.io/api
GO-2026-4805: Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api
GO-2026-4811: Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api
GO-2026-4846: Vikunja: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API in code.vikunja.io/api
GO-2026-4847: Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api
GO-2026-4848: Vikunja: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api
GO-2026-4849: Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect in code.vikunja.io/api
GO-2026-4850: Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion in code.vikunja.io/api
GO-2026-4851: Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api
GO-2026-4852: Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api
GO-2026-4853: Vikunja: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api
GO-2026-4855: Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api
type Image struct {
	ID       string `json:"id"`
	URL      string `json:"url"`
	Thumb    string `json:"thumb,omitempty"`
	BlurHash string `json:"blur_hash"`
	// This can be used to supply extra information from an image provider to clients
	Info interface{} `json:"info,omitempty"`
}
Image represents an image which can be used as a project background
type Provider interface {
	// Search is used to either return a pre-defined project of Image or let the user search for an image
	Search(s *xorm.Session, search string, page int64) (result []*Image, err error)
	// Set sets an image which was most likely previously obtained by Search as project background
	Set(s *xorm.Session, image *Image, project *models.Project, auth web.Auth) (err error)
}
Provider represents something that is able to get a project of images and set one of them as background