Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

plane — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in plane, with AI-generated Chinese analysis, references, and POCs.

Vendor: Plane

CVE IDTitleCVSSSeverityPublished
CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching CWE-918 7.7 High2026-04-09
CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter CWE-200 2.0 Low2026-04-07
CVE-2026-39374 Plane IDOR: Cross-Project Issue Date Modification via Bulk Update Endpoint CWE-639 6.5 Medium2026-04-07
CVE-2026-30242 Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer CWE-918 8.5 High2026-03-06
CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure CWE-284 7.5 High2026-03-06
CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature CWE-918 7.7 High2026-02-25
CVE-2026-27705 Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch CWE-639 6.5AIMediumAI2026-02-25
CVE-2025-69284 In plane.io, a Guest User to a Workspace can still be able to see list of members CWE-284 4.3 Medium2026-01-02
CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter CWE-79 8.1 High2025-10-24
CVE-2025-55203 Plane Stored XSS in Add Work Item Functionality CWE-79 5.4 Medium2025-08-15
CVE-2025-48070 Plane has insecure permissions in UserSerializer CWE-276 3.5 Low2025-05-21
CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload CWE-79 5.4 Medium2025-01-06
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint CWE-918 9.3 Critical2024-10-11
CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability CWE-918 9.1 Critical2024-04-10
CVE-2023-30791 Plane 0.7.1 - Insecure file upload CWE-434 7.1 High2023-07-15
CVE-2023-2268 Plane v0.7.1 - Unauthorized access to files CWE-862 7.1 High2023-07-15

All 16 known CVE vulnerabilities affecting plane with full Chinese analysis, references, and POCs where available.