Vulnerability List
Found 17 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-45309 | OneDev vulnerable to arbitrary file reading for unauthenticated user | theonedev | onedev | - | - | 2024-10-21 14:55:18 |
| CVE-2023-24828 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | theonedev | onedev | High | 8.1 | 2023-02-07 23:25:11 |
| CVE-2022-39206 | CI/CD Docker Escape in OneDev | theonedev | onedev | Critical | 9.9 | 2022-09-13 18:50:14 |
| CVE-2022-39207 | Persistent XSS in OneDev | theonedev | onedev | Medium | 5.4 | 2022-09-13 18:50:09 |
| CVE-2022-39208 | Git Repository Disclosure in Onedev | theonedev | onedev | High | 7.5 | 2022-09-13 18:42:28 |
| CVE-2022-39205 | Access Control Bypass in Onedev | theonedev | onedev | Critical | 9.0 | 2022-09-13 18:30:13 |
| CVE-2021-32651 | LDAP injection via OneDev may leak some LDAP directory information | theonedev | onedev | Low | 3.1 | 2021-06-01 17:15:12 |
| CVE-2021-21245 | Pre-Auth Arbitrary File Upload | theonedev | onedev | Critical | 10.0 | 2021-01-15 20:10:52 |
| CVE-2021-21246 | Pre-Auth Access token leak | theonedev | onedev | High | 8.6 | 2021-01-15 20:10:46 |
| CVE-2021-21247 | Post-Auth Unsafe Deserialization on BasePage (AJAX) | theonedev | onedev | Critical | 9.6 | 2021-01-15 20:10:40 |
| CVE-2021-21249 | Post-Auth Unsafe Yaml deserialization | theonedev | onedev | Critical | 9.6 | 2021-01-15 20:10:31 |
| CVE-2021-21248 | Post-Auth Arbitrary Code execution via Groovy script injection | theonedev | onedev | Critical | 9.6 | 2021-01-15 20:10:30 |
| CVE-2021-21250 | Post-Auth External Entity Expansion (XXE) | theonedev | onedev | High | 7.7 | 2021-01-15 20:10:21 |
| CVE-2021-21251 | ZipSlip Arbitrary File Upload | theonedev | onedev | High | 7.7 | 2021-01-15 20:10:14 |
| CVE-2021-21242 | Pre-Auth Unsafe Deserialization on AttachmentUploadServet | theonedev | onedev | Critical | 10.0 | 2021-01-15 20:05:27 |
| CVE-2021-21243 | Pre-Auth Unsafe Deserialization on KubernetesResource | theonedev | onedev | Critical | 10.0 | 2021-01-15 20:05:21 |
| CVE-2021-21244 | Pre-Auth SSTI via Bean validation message tampering | theonedev | onedev | Critical | 10.0 | 2021-01-15 20:05:13 |