theonedev — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting theonedev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by theonedev: onedev

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-45309 | OneDev vulnerable to arbitrary file reading for unauthenticated user | onedev | CWE-200 | 7.5 (AI) | High (AI) | 2024-10-21 |
| CVE-2023-24828 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | onedev | CWE-338 | 8.1 | High | 2023-02-07 |
| CVE-2022-39206 | CI/CD Docker Escape in OneDev | onedev | CWE-610 | 9.9 | Critical | 2022-09-13 |
| CVE-2022-39207 | Persistent XSS in OneDev | onedev | CWE-79 | 5.4 | Medium | 2022-09-13 |
| CVE-2022-39208 | Git Repository Disclosure in Onedev | onedev | CWE-552 | 7.5 | High | 2022-09-13 |
| CVE-2022-39205 | Access Control Bypass in Onedev | onedev | CWE-287 | 9.0 | Critical | 2022-09-13 |
| CVE-2021-32651 | LDAP injection via OneDev may leak some LDAP directory information | onedev | CWE-90 | 3.1 | Low | 2021-06-01 |
| CVE-2021-21245 | Pre-Auth Arbitrary File Upload | onedev | CWE-434 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21246 | Pre-Auth Access token leak | onedev | CWE-862 | 8.6 | High | 2021-01-15 |
| CVE-2021-21247 | Post-Auth Unsafe Deserialization on BasePage (AJAX) | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21249 | Post-Auth Unsafe Yaml deserialization | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21248 | Post-Auth Arbitrary Code execution via Groovy script injection | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21250 | Post-Auth External Entity Expansion (XXE) | onedev | CWE-538 | 7.7 | High | 2021-01-15 |
| CVE-2021-21251 | ZipSlip Arbitrary File Upload | onedev | CWE-22 | 7.7 | High | 2021-01-15 |
| CVE-2021-21242 | Pre-Auth Unsafe Deserialization on AttachmentUploadServet | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21243 | Pre-Auth Unsafe Deserialization on KubernetesResource | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21244 | Pre-Auth SSTI via Bean validation message tampering | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |

This page lists every published CVE security advisory associated with theonedev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.