Please find our statement on security in this document: https://www.openproject.org/docs/security-and-privacy/statement-on-security/
Security: opf/openproject
- Open Redirect Vulnerability in Sign-In in default configuration of OpenProject packaged installation (GHSA-g92v-vrq6-4fpw), published Jul 25, 2024 by oliverguenther, severity: Moderate
- Stored XSS in Cost Report Tables (GHSA-h26c-j8wg-frjc), published May 22, 2024 by klaustopher, severity: High
- Project identifier information leakage through robots.txt (GHSA-xjfc-fqm3-95q8), published Jun 1, 2023 by oliverguenther, severity: High
- User sessions not terminated after activation of 2FA (GHSA-xfp9-qqfj-x28q), published May 2, 2023 by oliverguenther, severity: Moderate
- SQL injection in OpenProject budgets reassignment (GHSA-f565-3whr-6m96), published Dec 14, 2021 by oliverguenther, severity: High
- Host Header Injection in unproxied Docker installations (GHSA-r8f8-pgg2-2c26), published Jul 20, 2021 by oliverguenther, severity: Moderate
- Regular Expression Denial of Service in OpenProject forum messages (GHSA-qqvp-j6gm-q56f), published Jul 20, 2021 by oliverguenther, severity: Moderate
Learn more about advisories related to opf/openproject in the GitHub Advisory Database