Known Vulnerabilities for products from Vikunja
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Vikunja".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40103 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for cu... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-35602 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the att... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-35601 json | Not Provided | 2026-04-10 | 2026-04-13 | |
| CVE-2026-35600 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdo... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-35599 json | Not Provided | 2026-04-10 | 2026-04-10 | |
| CVE-2026-35598 json | Not Provided | 2026-04-10 | 2026-04-14 | |
| CVE-2026-35597 json | Not Provided | 2026-04-10 | 2026-04-13 | |
| CVE-2026-35596 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL ... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-35595 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_per... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-35594 json | Not Provided | 2026-04-10 | 2026-04-14 | |
| CVE-2026-34727 json | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT t... | Not Provided | 2026-04-10 | 2026-04-20 |
| CVE-2026-33700 json | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DELETE /api/v1/projects/:project... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2026-33680 json | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` method al... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2026-33679 json | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DownloadImage` function in `pkg/... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2026-33678 json | Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachment.ReadOne()` queries at... | Not Provided | 2026-03-24 | 2026-03-30 |