PT-2026-5715

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 17.0.99.1768924735 Tuleap Enterprise Edition versions 17.2-5, 17.1-6, and 17.0-9 Description Tuleap lacks CSRF protection in the Overview inconsistent items feature. An attacker could exploit this to...

CVE-2022-23473

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This on...

EUVD-2025-6009

Malicious code in bioql PyPI...

EUVD-2023-50472

Malicious code in bioql PyPI...

EUVD-2024-36476

Malicious code in bioql PyPI...

EUVD-2025-23041

Malicious code in bioql PyPI...

EUVD-2025-7730

Malicious code in bioql PyPI...

EUVD-2025-8852

Malicious code in bioql PyPI...

CVE-2025-52899

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

CVE-2025-53541

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...

CVE-2025-53902 Tuleap exposes artifacts to a mentioned user via email notifications

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts...

CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...

PT-2025-31260 · Unknown · Tuleap Community Edition +1

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.9.99.1751892857 Tuleap Enterprise Edition versions prior to 16.8-5 and 16.9-3 Description: Tuleap is an Open Source Suite created to facilitate management of software development and collaboration...

PT-2025-31261 · Unknown · Tuleap Enterprise Edition +1

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 16.9.99.1752585665 Tuleap Enterprise Edition versions prior to 16.8-6 and 16.9-5 Description: Tuleap is an Open Source Suite created to facilitate management of software development and collaboration...

CVE-2025-50179

Summary: CVE-2025-50179 affects Tuleap. The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to trick victims into changing canned responses. Affected products are Tuleap Community Edition prior to 16.8.99.1749830289 and Tuleap Enterprise Edition prior to 16.9-1. ...

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

CVE-2024-23344

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...

CVE-2024-39902

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissio...

CVE-2025-30155

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8...

CVE-2025-30203 Tuleap allows XSS via the content of RSS feeds in the RSS widgets

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting XSS via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force...