CVE-2025-58178
CVE-2025-58178 affects SonarQube-related tooling: the SonarQube Scan GitHub Action (versions up to 5.3.0) is vulnerable to command injection because untrusted input arguments are treated as shell expressions. This can lead to execution of arbitrary commands with local privileges. A fix is release...
SonarQube Server Command Injection Vulnerability
SonarQube Server is a code quality and security auditing platform from Sonar UK. A command injection vulnerability exists in SonarQube Server versions 4 through 5.3.0, which stems from SonarQube Scan GitHub Action command injection and could lead to the execution of arbitrary commands...
PT-2025-35523
Name of the Vulnerable Software and Affected Versions SonarQube versions 4 through 5.3.0 Description SonarQube is a static analysis solution for continuous code quality and security inspection. A command injection issue was identified in the SonarQube Scan GitHub Action. Untrusted input arguments...
SonarSource SonarQube Server < 9.9.4 / 10.x < 10.4 Information Disclosure (CVE-2024-38460)
The version of SonarSource SonarQube Server running on the remote host is prior to 9.9.4 or 10.x prior to 10.4. It is, therefore, affected by an information disclosure vulnerability: - In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are...