Security: go-vikunja/vikunja
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Scoped API tokens with projects.background permission can delete project backgroundsGHSA-v479-vf79-mg83 published
Apr 9, 2026 by kolaenteModerate -
TOTP Two-Factor Authentication Bypass via OIDC Login PathGHSA-8jvc-mcx6-r4cg published
Apr 9, 2026 by kolaenteHigh -
iCalendar Property Injection via CRLF in CalDAV Task OutputGHSA-2g7h-7rqr-9p4r published
Apr 9, 2026 by kolaenteModerate -
HTML Injection via Task Titles in Overdue Email NotificationsGHSA-45q4-x4r9-8fqj published
Apr 9, 2026 by kolaenteModerate -
Algorithmic Complexity DoS in Repeating Task HandlerGHSA-r4fg-73rc-hhh7 published
Apr 9, 2026 by kolaenteModerate -
File Size Limit Bypass via Vikunja ImportGHSA-qh78-rvg3-cv54 published
Apr 9, 2026 by kolaenteModerate -
Missing Authorization on CalDAV Task ReadGHSA-48ch-p4gq-x46x published
Apr 9, 2026 by kolaenteModerate -
TOTP Brute-Force Due to Non-Functional Account LockoutGHSA-fgfv-pv97-6cmj published
Apr 9, 2026 by kolaenteModerate -
Broken Access Control on Label Read via SQL Operator Precedence BugGHSA-hj5c-mhh2-g7jq published
Apr 9, 2026 by kolaenteModerate -
Privilege Escalation via Project ReparentingGHSA-2vq4-854f-5c72 published
Apr 9, 2026 by kolaenteHigh
Learn more about advisories related to go-vikunja/vikunja in the GitHub Advisory Database