leantime/leantime vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-QRFH-CC86-VC8CMediumleantime/leantime: Leantime has HTML injection through firstname and lastname fieldsGHSA-F679-254H-QHVJLowleantime/leantime: Leantime allows Cross-Site Scripting (XSS)CVE-2025-28254Mediumleantime/leantime: Leantime affected by Improper Neutralization of HTML TagsGHSA-3HFJ-QCVJ-4HX8Lowleantime/leantime: Leantime has Missing Authorization Check for Host ParameterGHSA-C39W-3PJX-QC7MHighleantime/leantime: Leantime allows Stored Cross-Site Scripting (XSS)GHSA-92XH-6X7V-4RMQMediumleantime/leantime: Leantime allows Cross-Site Request Forgery (CSRF)GHSA-V4Q9-437P-MHPGHighleantime/leantime: Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)GHSA-63CR-XG3F-8JVRMediumleantime/leantime: Leantime allows Stored Cross-Site Scripting (XSS)GHSA-52XF-H226-PFGXMediumleantime/leantime: Leantime allows Refelected Cross-Site Scripting (XSS)GHSA-H6W8-27PH-C385Mediumleantime/leantime: Leantime has Insufficiently Protected CredentialsGHSA-MG4C-884J-PCQ9Mediumleantime/leantime: Leantime allows Stored Cross-Site Scripting (XSS)GHSA-99R5-84GR-59F6Mediumleantime/leantime: Leantime has Host Header Injection Vulnerability

Stop the waste.
Protect your environment with Kodem.