CVE Daily – SonarQube Server (High+Critical) https://cvedaily.com/pages/tags/sonarqube-server.html CVE Daily – SonarQube Server (High+Critical) en Wed, 03 Jun 2026 21:27:05 +0000 [High] CVE-2025-59844 – SonarQube Server and Cloud is a static analysis solution for continuous code qua... https://nvd.nist.gov/vuln/detail/CVE-2025-59844 https://nvd.nist.gov/vuln/detail/CVE-2025-59844 Fri, 26 Sep 2025 17:15:36 +0000 High CVE-2025-59844

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This vulnerability bypasses a previous security fix and allows arbitra…

CVSS: 7.7 · CWE: CWE-78

View on NVD

]]> [High] CVE-2025-58178 – SonarQube Server and Cloud is a static analysis solution for continuous code qua... https://nvd.nist.gov/vuln/detail/CVE-2025-58178 https://nvd.nist.gov/vuln/detail/CVE-2025-58178 Tue, 02 Sep 2025 01:15:30 +0000 High CVE-2025-58178

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitization. Arguments sent to the action are treated as shell expressions, allowing potential execution of ar…

CVSS: 7.8 · CWE: CWE-77

View on NVD

]]>