CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

PT-2026-41119

Name of the Vulnerable Software and Affected Versions OneDev versions prior to 15.0.2 Description OneDev is a Git server featuring CI/CD, kanban, and packages. A flaw exists where the boundary between repository-controlled LFS Large File Storage metadata and server-local filesystem paths is...

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

CVE-2022-38301

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib...

EUVD-2021-19471

Malware in sbrugna...

EUVD-2022-41746

Malicious code in bioql PyPI...

EUVD-2022-40893

Malicious code in bioql PyPI...

EUVD-2021-8631

Malicious code in bioql PyPI...

EUVD-2021-8626

Malicious code in bioql PyPI...

EUVD-2022-41745

Malicious code in bioql PyPI...

EUVD-2021-8630

Malicious code in bioql PyPI...

EUVD-2022-41744

Malicious code in bioql PyPI...

EUVD-2021-8628

Malicious code in bioql PyPI...

EUVD-2021-8629

Malicious code in bioql PyPI...

EUVD-2021-8627

Malicious code in bioql PyPI...

EUVD-2023-28821

Malicious code in bioql PyPI...

EUVD-2021-8632

Malicious code in bioql PyPI...

EUVD-2021-8634

Malicious code in bioql PyPI...

EUVD-2021-8633

Malicious code in bioql PyPI...

CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...