Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sourcegraph sourcegraph vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
8.8
CVSSv3
CVE-2023-46248
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 up to and including 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration...
Sourcegraph Cody
7.8
CVSSv3
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions before 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitoli...
Sourcegraph Sourcegraph
7.2
CVSSv3
CVE-2022-41943
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4...
Sourcegraph Sourcegraph
4.3
CVSSv3
CVE-2022-31154
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An atta...
Sourcegraph Sourcegraph
4.3
CVSSv3
CVE-2022-31155
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions prior to 3.41.0, it is possible for an malicious user to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other...
Sourcegraph Sourcegraph
7.2
CVSSv3
CVE-2022-29171
Sourcegraph is a fast and featureful code search and navigation engine. Versions prior to 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, wh...
Sourcegraph Sourcegraph
8.8
CVSSv3
CVE-2022-23642
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an malicious user to set...
Sourcegraph Sourcegraph
1 Github repository
6.5
CVSSv3
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. Thi...
Sourcegraph Sourcegraph
6.5
CVSSv3
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitori...
Sourcegraph Sourcegraph
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »