VYPR

Taiga Back

by Taigaio

CVEs (5)

  • CVE-2025-62368 | Critical | Oct 28, 2025
    risk 0.67 | cvss 9.0 | epss 0.01

    Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.

  • CVE-2024-53555 | High | Nov 26, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file.

  • CVE-2024-53554 | High | Nov 25, 2024
    risk 0.52 | cvss 8.0 | epss 0.01

    A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.

  • CVE-2024-53556 | Medium | Nov 25, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL.

  • CVE-2025-62367 | Medium | Oct 28, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.