9 matches found
EUVD-2025-31338
Malicious code in bioql PyPI...
EUVD-2025-26367
Malicious code in bioql PyPI...
CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...
GHSA-5XQ9-5G24-4G6F Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
Command Injection via sonarqube-scan-action GitHub Action
Impact: A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
MAL-2025-175 Malicious code in contrast-local-scan-action (npm)
Source: ghsa-malware 652706a3541c937da40c2dbeb200974a14635810d37d52b07ae884e52530c6c2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...