VYPR

GitHub Actions package

SonarSource/sonarqube-scan-action

pkg:github/SonarSource/sonarqube-scan-action

Vulnerabilities (2)

  • CVE-2025-59844 | High | Sep 26, 2025
    affected: >= 4.0.0, < 6.0.0 | fixed: 6.0.0

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args paramet

  • CVE-2025-58178 | High | Sep 2, 2025
    affected: >= 4.0.0, < 5.3.1 | fixed: 5.3.1

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without