VYPR

Sonarqube Scan Action

by Sonarsource

Source repositories

CVEs (2)

  • CVE-2025-58178  High  Sep 2, 2025
    risk 0.44  cvss 7.8  epss 0.01

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed…

  • CVE-2025-59844  High  Sep 26, 2025
    risk 0.43  cvss (not listed)  epss 0.02

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args…
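Both entries above describe the same class of bug: an `args` string supplied by the workflow ends up re-parsed by a shell, so anything an attacker can get into that string (a pull request title, a branch name) can carry shell metacharacters. The script below is an added illustration of that class and is not the SonarQube Scan Action's code; the `scanner` function, the two wrapper functions, the `PAYLOAD` value and the `INJECTED` marker are stand-ins written for this page, and the `eval` pattern stands for the generic mechanism rather than for how the action itself was implemented.

```sh
#!/bin/sh
# Added illustration of the class of bug the two CVE entries above describe.
# This is NOT the SonarQube Scan Action's code: `scanner`, the two wrappers
# and the payload are stand-ins written for this page.

# Stand-in for the scanner binary. It prints each argv word it received on its
# own line and records the count, so the two wrappers can be compared.
scanner() {
  SCANNER_ARGC=$#
  for word in "$@"; do
    printf 'arg: %s\n' "$word"
  done
}

# Vulnerable pattern: the caller's `args` string is spliced into a command line
# and re-parsed by the shell, so `;`, `&&`, `|` and `$(...)` inside it execute.
run_scan_unsafe() {
  eval "scanner $1"
}

# Hardened pattern: split the string on whitespace (default IFS) with globbing
# disabled, then pass the words to the scanner as separate argv entries.
# No shell re-parses the text, so metacharacters arrive as literal characters.
run_scan_safe() {
  set -f
  # shellcheck disable=SC2086  # unquoted on purpose: field splitting is the point
  set -- $1
  set +f
  scanner "$@"
}

# Runs a payload through one wrapper ("unsafe" or "safe") and reports whether
# the smuggled assignment executed. Prints "injected" or "contained".
check_injection() {
  mode=$1
  payload=$2
  INJECTED=no
  if [ "$mode" = unsafe ]; then
    run_scan_unsafe "$payload" >/dev/null
  else
    run_scan_safe "$payload" >/dev/null
  fi
  if [ "$INJECTED" = yes ]; then echo injected; else echo contained; fi
}

# Number of argv words the scanner stand-in saw on its most recent call.
scanner_argc() { echo "$SCANNER_ARGC"; }

# Constructed payload in the shape of an attacker-controlled PR title or branch
# name that a workflow might interpolate into `args`.
PAYLOAD='-Dsonar.projectKey=demo; INJECTED=yes'

echo "unsafe wrapper: $(check_injection unsafe "$PAYLOAD")"   # injected
echo "safe wrapper:   $(check_injection safe   "$PAYLOAD")"   # contained
```

The unsafe wrapper runs the scanner with one argument and then executes the smuggled `INJECTED=yes`; the safe wrapper hands the scanner two literal words, `-Dsonar.projectKey=demo;` and `INJECTED=yes`, and nothing else runs. The workflow-side caveat is the same one the second entry spells out: do not feed user-controlled event fields into the action's `args` input at all, and on the affected ranges the page lists (4 to 5.3.0 for CVE-2025-58178, 4.0.0 up to but not including 6.0.0 for CVE-2025-59844) upgrade the action before relying on any input hygiene of your own.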