Makeplane Plane
15 CVEs affecting Makeplane Plane. Latest disclosed: 2026-05-20. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-47830 | Critical | 9.3 | 2024-10-11 | Plane is an open-source project management tool. Plane uses the `**` wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may… |
| CVE-2024-31461 | Critical | 9.1 | 2024-04-10 | Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an at… |
| CVE-2026-30242 | High | 8.5 | 2026-03-06 | Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_lo… |
| CVE-2025-62716 | High | 8.1 | 2025-10-24 | Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to… |
| CVE-2026-39843 | High | 7.7 | 2026-04-09 | Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the s… |
| CVE-2026-27706 | High | 7.7 | 2026-02-25 | Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in… |
| CVE-2026-30244 | High | 7.5 | 2026-03-06 | Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive inf… |
| CVE-2026-40102 | Medium | 6.5 | 2026-05-20 | Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly… |
| CVE-2026-39374 | Medium | 6.5 | 2026-04-07 | Plane is an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (ADMIN or MEMBER) to modify the sta… |
| CVE-2025-55203 | Medium | 5.4 | 2025-08-15 | Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html fie… |
| CVE-2025-21616 | Medium | 5.4 | 2025-01-06 | Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerabil… |
| CVE-2025-69284 | Medium | 4.3 | 2026-01-02 | Plane is an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings… |
| CVE-2025-48070 | Low | 3.5 | 2025-05-21 | Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that ar… |
| CVE-2026-27949 | Low | 2.0 | 2026-04-07 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address… |
| CVE-2026-27705 | | | 2026-02-25 | Plane is an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py`… |