Directories
Click to show internal directories.
Click to hide internal directories.
Affected by GO-2026-4480
and 20 other vulnerabilities
GO-2026-4480: Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api
GO-2026-4551: Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api
GO-2026-4552: Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api
GO-2026-4553: Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api
GO-2026-4556: Vikunja has Path Traversal in CLI Restore in code.vikunja.io/api
GO-2026-4575: Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse in code.vikunja.io/api
GO-2026-4791: Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers in code.vikunja.io/api
GO-2026-4794: Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api
GO-2026-4797: Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api
GO-2026-4798: Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement in code.vikunja.io/api
GO-2026-4805: Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api
GO-2026-4811: Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api
GO-2026-4846: Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API in code.vikunja.io/api
GO-2026-4847: Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api
GO-2026-4848: Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api
GO-2026-4849: Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect in code.vikunja.io/api
GO-2026-4850: Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion in code.vikunja.io/api
GO-2026-4851: Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api
GO-2026-4852: Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api
GO-2026-4853: Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api
GO-2026-4855: Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api
modules/
directory
v0.20.1
Go to latest
Published: Nov 11, 2022
License: AGPL-3.0
Opens a new window with list of versions in this module.
Latest
Latest
This package is not in the latest version of its module.
Opens a new window with license information.