SonarQube Server - 2 CVEs (Page 1/1)

About “SonarQube Server”

A curated feed of “SonarQube Server”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 2 were published. Average CVSS is 7.8 (all time; 7.8 over 365d), and 100% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: sonarqube-server

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	Premier Support	EOL	LTS
2026.3	2026-05-21	2026.3.1	2026-07-20	2026-07-20 Soon
2026.2	2026-03-24	2026.2.1	2026-05-18	2026-05-18 Expired
2026.1	2026-01-30	2026.1.3	2027-01-30	2027-08-02	LTS
2025.6	2025-12-12	2025.6.1	Unavailable	-
2025.5	2025-09-26	2025.5	2025-12-12	2025-12-12 Expired
2025.4	2025-07-30	2025.4.7	2026-07-30	2027-01-30	LTS
2025.3	2025-05-30	2025.3.1	2025-07-29	2025-07-29 Expired
2025.2	2025-03-27	2025.2.0	2025-05-26	2025-05-26 Expired
2025.1	2025-01-23	2025.1.8	2026-01-23	2026-07-01 Soon	LTS
10	2023-03-30	10.8.0	2025-01-20	2025-03-26 Expired
9	2021-07-05	9.9.8	2023-03-30	2025-01-20 Expired	LTS
8	2019-10-15	8.9.10	2021-07-05	2023-02-07 Expired	LTS
7	2018-02-02	7.9.6	2019-10-16	2021-05-04 Expired	LTS

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “SonarQube Server” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-09-26

High

CVE-2025-59844

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to b…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

2025-09-02

High

CVE-2025-58178

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD