GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug
Moderate
CVE-2026-35596
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout
Moderate
CVE-2026-35597
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja Missing Authorization on CalDAV Task Read
Moderate
CVE-2026-35598
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja has Algorithmic Complexity DoS in Repeating Task Handler
Moderate
CVE-2026-35599
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja has HTML Injection via Task Titles in Overdue Email Notifications
Moderate
CVE-2026-35600
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output
Moderate
CVE-2026-35601
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
Vikunja has File Size Limit Bypass via Vikunja Import
Moderate
CVE-2026-35602
was published
for
code.vikunja.io/api
(Go)
Apr 10, 2026
ProTip!
Advisories are also available from the
GraphQL API