Skip to main content

Sourcegraph

9 CVEs product

Monthly

CVE-2022-41943 HIGH PATCH This Week

sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-41942 HIGH PATCH This Week

Sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Sourcegraph
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-31155 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31154 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-29171 HIGH This Week

Sourcegraph is a fast and featureful code search and navigation engine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Grafana Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-23642 HIGH POC PATCH THREAT Act Now

Sourcegraph is a code search and navigation engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Sourcegraph
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
74.3%
CVE-2021-43823 MEDIUM PATCH This Month

Sourcegraph is a code search and navigation engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sourcegraph
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32787 MEDIUM PATCH This Month

Sourcegraph is a code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-12283 Go MEDIUM POC PATCH This Month

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Sourcegraph
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
EPSS 1% CVSS 7.2
HIGH PATCH This Week

sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sourcegraph
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Sourcegraph
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Sourcegraph is a fast and featureful code search and navigation engine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Grafana +1
NVD GitHub
EPSS 74% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Sourcegraph is a code search and navigation engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Sourcegraph
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Sourcegraph is a code search and navigation engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sourcegraph
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Sourcegraph is a code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sourcegraph
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Sourcegraph
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy