ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the ...
8.8CVSS
8.8AI Score
0.002EPSS
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license vie...
6.1CVSS
6AI Score
0.001EPSS