VYPR

PyPI package

plane

pkg:pypi/plane

Vulnerabilities (2)

  • CVE-2026-30242Mar 6, 2026
    affected < 1.2.3fixed 1.2.3

    Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (1

  • CVE-2026-30244Mar 6, 2026
    affected >= 0

    Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framew