Opf Openproject
34 CVEs affecting Opf Openproject. Latest disclosed: 2026-04-20. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34717 | Critical | 9.9 | 2026-04-02 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177… |
| CVE-2026-32703 | Critical | 9.1 | 2026-03-18 | OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not… |
| CVE-2026-32698 | Critical | 9.1 | 2026-03-18 | OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection a… |
| CVE-2026-22600 | Critical | 9.1 | 2026-01-10 | OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality… |
| CVE-2026-24772 | High | 8.9 | 2026-01-28 | OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchro… |
| CVE-2026-23625 | High | 8.7 | 2026-01-19 | OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerabilit… |
| CVE-2024-35224 | High | 7.6 | 2024-05-23 | OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when… |
| CVE-2023-33960 | High | 7.5 | 2023-06-01 | OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which rou… |
| CVE-2026-33667 | High | 7.4 | 2026-04-15 | OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_aut… |
| CVE-2021-43830 | High | 7.4 | 2021-12-14 | OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticat… |
| CVE-2026-24777 | Medium | 6.7 | 2026-02-09 | OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This f… |
| CVE-2026-40896 | Medium | 6.5 | 2026-04-20 | OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject a… |
| CVE-2026-30239 | Medium | 6.5 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this b… |
| CVE-2026-30235 | Medium | 6.5 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Ma… |
| CVE-2026-30234 | Medium | 6.5 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a… |
| CVE-2026-23646 | Medium | 6.5 | 2026-01-19 | OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end… |
| CVE-2026-24775 | Medium | 6.3 | 2026-01-28 | OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers… |
| CVE-2023-31140 | Medium | 4.8 | 2023-05-08 | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first… |
| CVE-2024-41801 | Medium | 4.7 | 2024-07-25 | OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installati… |
| CVE-2026-30236 | Medium | 4.3 | 2026-03-11 | OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not ch… |