VYPR

Codechecker

by Ericsson

pypi: codechecker

Source repositories

CVEs (8)

  • CVE-2026-25660CriApr 24, 2026
    risk 0.57cvss 9.8epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user…

  • CVE-2025-40843Oct 28, 2025
    risk 0.00cvss epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker…

  • CVE-2025-1300Feb 28, 2025
    risk 0.00cvss epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This…

  • CVE-2024-53829Jan 21, 2025
    risk 0.00cvss epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same…

  • CVE-2024-10082Nov 6, 2024
    risk 0.00cvss epss 0.00

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a…

  • CVE-2024-10081Nov 6, 2024
    risk 0.00cvss epss 0.40

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication.…

  • CVE-2023-49793Jun 24, 2024
    risk 0.00cvss epss 0.01

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display…

  • CVE-2021-44217Jan 18, 2022
    risk 0.00cvss epss 0.02

    In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.