Browse all 3 CVE security advisories affecting Leantime. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Leantime is an open-source project management platform designed for lean methodologies, helping teams manage projects, sprints, and roadmaps. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control issues. The platform's CVE history includes three recorded vulnerabilities, highlighting potential risks in areas like file handling and user permissions. While no major public security incidents have been widely documented, the presence of these CVEs underscores the importance of regular updates and security hardening for organizations implementing Leantime in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-45826 | Authenticated SQL Injection in leantime — leantime (CWE-89) | 6.5 | Medium | 2023-10-19 |
| CVE-2023-33961 | Leantime Stored Cross-site Scripting Vulnerability — leantime (CWE-79) | 8.9 | High | 2023-05-30 |
| CVE-2020-5292 | Time-based blind injection in Leantime — Leantime (CWE-89) | 8.7 | High | 2020-03-31 |
This page lists every published CVE security advisory associated with Leantime. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.