37 matches found
CVE-2021-41142
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and...
CVE-2021-41147
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute...
EUVD-2023-34991
Malicious code in bioql PyPI...
EUVD-2023-42309
Malicious code in bioql PyPI...
EUVD-2025-6011
Malicious code in bioql PyPI...
EUVD-2025-23043
Malicious code in bioql PyPI...
EUVD-2021-28261
Malicious code in bioql PyPI...
EUVD-2025-8853
Malicious code in bioql PyPI...
EUVD-2024-38292
Malicious code in bioql PyPI...
EUVD-2024-20851
Malicious code in bioql PyPI...
EUVD-2021-28262
Malicious code in bioql PyPI...
EUVD-2022-48991
Malicious code in bioql PyPI...
EUVD-2021-28259
Malicious code in bioql PyPI...
EUVD-2025-7770
Malicious code in bioql PyPI...
EUVD-2025-8848
Malicious code in bioql PyPI...
CVE-2025-53541
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...
CVE-2023-30619
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force a victim to execute...
CVE-2022-46160
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to...
CVE-2021-41148
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one of the CI widgets to their personal...
CVE-2025-27099
Tuleap exposes an XSS vulnerability (CVE-2025-27099) in the semantic timeframe deletion message, via tracker names. The issue affects Tuleap’s tracker-name handling and can enable an administrator with a semantic timeframe used by other trackers to trick others into executing uncontrolled code. P...