Product: plane
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-39843
>= 0.28.0 and < 1.3.0
Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incompl
7.7
HIGH
CVE-2026-27949
< 1.3.0
Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow
2.0
LOW
CVE-2026-39374
< 1.3.0
Plane is an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member (ADMIN
6.5
MEDIUM
CVE-2026-30244
< 1.2.2
Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace memb
7.5
HIGH
CVE-2026-30242
< 1.2.3
Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/we
8.5
HIGH
CVE-2026-27706
< 1.2.2
Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnera
7.7
HIGH
CVE-2026-27705
< 1.2.2
Plane is an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api
6.5
MEDIUM
CVE-2025-69284
all versions
Plane is an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]
4.3
MEDIUM
CVE-2025-48070
< 0.23.0
Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows u
3.5
LOW
CVE-2025-21616
< 0.23.0
Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions
5.4
MEDIUM
CVE-2024-47830
< 0.23.0
Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in
9.3
CRITICAL
CVE-2023-30791
all versions
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension t
7.1
HIGH
CVE-2023-2268
all versions
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.
7.1
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin