CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

RedhatCVE•added 2026/01/09 9:13 a.m.•4 views

CVE-2022-31155

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

4.3CVSS6.9AI score0.00168EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-52771

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00168EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-33573

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.0224EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:16 a.m.•3 views

CVE-2022-29171

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...

7.2CVSS7.5AI score0.0224EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:53 p.m.•4 views

CVE-2022-31154

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

6.4CVSS6.7AI score0.00143EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:49 p.m.•4 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

6.1CVSS7.1AI score0.00257EPSS

Exploits1

RedhatCVE•added 2025/02/05 11:49 p.m.•8 views

CVE-2022-41943

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

9CVSS7.6AI score0.00269EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 11:29 p.m.•5 views

CVE-2022-23642

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...

8.8CVSS7.3AI score0.85278EPSS

Exploits8References1

Positive Technologies•added 2022/08/01 12:0 a.m.•1 views

PT-2022-20569 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.42 Description: The issue allows an authenticated Sourcegraph user to edit Code Monitors owned by any other Sourcegraph user, including editing the trigger and action of the monitor. However, an attacker cannot...

6.4CVSS5AI score0.00143EPSS

Exploits0References5

0day.today•added 2022/07/14 12:0 a.m.•366 views

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

8.8CVSS9AI score0.85278EPSS

Exploits8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by