10 matches found
EUVD-2025-26367
Malicious code in bioql PyPI...
Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
GHSA-5XQ9-5G24-4G6F Argument injection vulnerability in SonarQube Scan Action
A command injection vulnerability exists in SonarQube GitHub Action prior to v6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitrary command execution, potentially...
GHSA-F79P-9C5R-XG88 Command Injection via sonarqube-scan-action GitHub Action
Impact A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
Command Injection via sonarqube-scan-action GitHub Action
Impact A command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of arbitrary commands. Patches...
CVE-2025-58178
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
CVE-2025-58178 Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper...
PT-2025-35655
🔴 SonarQube Scan GitHub Action, Command Injection, CVE-2025-53087 High https://t.co/18WQ4wixFA...
PT-2025-35523
Name of the Vulnerable Software and Affected Versions SonarQube versions 4 through 5.3.0 Description SonarQube is a static analysis solution for continuous code quality and security inspection. A command injection issue was identified in the SonarQube Scan GitHub Action. Untrusted input arguments...