Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

makeplane — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting makeplane. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by makeplane:plane
CVE IDTitleCVSSSeverityPublished
CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching — planeCWE-918 7.7 High2026-04-09
CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter — planeCWE-200 2.0 Low2026-04-07
CVE-2026-39374 Plane IDOR: Cross-Project Issue Date Modification via Bulk Update Endpoint — planeCWE-639 6.5 Medium2026-04-07
CVE-2026-30242 Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer — planeCWE-918 8.5 High2026-03-06
CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure — planeCWE-284 7.5 High2026-03-06
CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature — planeCWE-918 7.7 High2026-02-25
CVE-2026-27705 Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch — planeCWE-639 6.5AIMediumAI2026-02-25
CVE-2025-69284 In plane.io, a Guest User to a Workspace can still be able to see list of members — planeCWE-284 4.3 Medium2026-01-02
CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter — planeCWE-79 8.1 High2025-10-24
CVE-2025-55203 Plane Stored XSS in Add Work Item Functionality — planeCWE-79 5.4 Medium2025-08-15
CVE-2025-48070 Plane has insecure permissions in UserSerializer — planeCWE-276 3.5 Low2025-05-21
CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload — planeCWE-79 5.4 Medium2025-01-06
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint — planeCWE-918 9.3 Critical2024-10-11
CVE-2024-31461 Plane Server-Side Request Forgery (SSRF) Vulnerability — planeCWE-918 9.1 Critical2024-04-10

This page lists every published CVE security advisory associated with makeplane. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.