9 matches found
CVE-2026-28338
PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0, PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains...
EUVD-2026-9069
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages...
PMD Cross-Site Scripting Vulnerability
PMD is a scalable, multi-language static source code analyzer. Versions of PMD prior to 7.22.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of output in vbhtml and yahtml report formats, which could lead to cross-site scripting attacks...
CVE-2025-23215 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
PMD is an extensible multilanguage static code analyzer. The passphrases for the PMD and PMD Designer release signing keys are included in a jar published to Maven Central. The private key itself is not known to have been compromised, but given that its passphrase is, it must also be considered...
Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
Androwarn is a tool whose main aim is to detect and warn the user about potentially malicious behaviours developed by an Android application. The detection is performed with static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...
Static Code Analyzer: PVS-Studio
Static Code Analyzer PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a wide range of code checks; it is also useful for finding misprints and Copy-Paste errors. Examples of such errors: V501, V517, V522, V523, ...
Rubocop - A Ruby Static Code Analyzer, Based On The Community Ruby Style Guide
RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. Most aspects of its behavior can be tweaked via various configuration options. Installation RuboCop's installation is pretty standard: $ gem install rubocop ...