Taigaio
Products
- 5 CVEs
- 5 CVEs
- 1 CVE
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62368 | | Cri | 0.67 | 9.0 | 0.01 | | Oct 28, 2025 | Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0. |
| CVE-2024-53555 | | Hig | 0.57 | 8.8 | 0.01 | | Nov 26, 2024 | A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. |
| CVE-2024-53554 | | Hig | 0.52 | 8.0 | 0.01 | | Nov 25, 2024 | A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. |
| CVE-2024-53556 | | Med | 0.40 | 6.1 | 0.00 | | Nov 25, 2024 | An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. |
| CVE-2025-62367 | | Med | 0.31 | 4.8 | 0.00 | | Oct 28, 2025 | Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0. |
| CVE-2026-41250 | | Med | 0.30 | 5.7 | 0.00 | | May 11, 2026 | Taiga is a project management platform for startups and agile developers. Prior to 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1. |