NexB Security Vulnerabilities


CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license...

CVSS: 6.1

AI Score: 6

EPSS: 0.0005

2023-08-14 08:15 PM

CVE-2023-39523

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as it allows malicious commands to be appended to the docker_reference parameter. In the....

CVSS: 8.8

AI Score: 8.8

EPSS: 0.001

2023-08-07 09:15 PM