VYPR

PyPI package

codechecker

pkg:pypi/codechecker

Vulnerabilities (7)

  • CVE-2026-25660 | Cri | Apr 24, 2026
    affected <= 6.27.3

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user e

  • CVE-2025-40843 | Oct 28, 2025
    affected < 6.26.2 | fixed 6.26.2

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command

  • CVE-2025-1300 | Feb 28, 2025
    affected < 6.24.6 | fixed 6.24.6

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This

  • CVE-2024-53829 | Jan 21, 2025
    affected < 6.24.5 | fixed 6.24.5

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, i

  • CVE-2024-10082 | Nov 6, 2024
    affected < 6.24.2 | fixed 6.24.2

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a w

  • CVE-2024-10081 | Nov 6, 2024
    affected < 6.24.2 | fixed 6.24.2

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. Thes

  • CVE-2023-49793 | Jun 24, 2024
    affected < 6.23.0 | fixed 6.23.0

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display fil