Browse all 4 CVE security advisories affecting TODO. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TODO is a task management application designed for personal and team organization. Historically, TODO has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The application's web interface and API have been primary attack vectors, with several critical flaws allowing unauthorized access and system compromise. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in input validation and access controls suggests potential risks for organizations relying on TODO for sensitive task management. Regular patching and input sanitization remain essential security practices for this tool.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-2594 | Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload — Advanced Custom FieldsCWE-434 | 7.5 | - | 2022-08-22 |
This page lists every published CVE security advisory associated with TODO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.