Vulnerability disclosure

Sonar security: We find, we fix.

Our commitment to code security extends beyond your application. Sonar’s dedicated security research team continuously identifies and responsibly discloses vulnerabilities across key open source projects and packages.

Featured disclosed vulnerabilities

4.1
CVE-2025-53637

meshtastic/firmware

  • GitHub Actions
  • CI/CD

Repository Takeover

  • Command Injection
9.3
CVE-2025-61584

serverless-dns

  • GitHub Actions
  • CI/CD

Repository Takeover

  • Command Injection
6.5
CVE-2025-32779

EDDI

  • Java
  • AI

Remote Code Execution

  • Zip Slip
7.8
CVE-2025-25251

FortiClient

  • C++
  • Endpoint Protection

Privilege Escalation

  • PID Reuse
5.3
CVE-2025-22859

Fortinet EMS

  • Apache2
  • Endpoint Protection

Session Takeover

  • XSS
10
CVE-2024-1597

PgJDBC

  • Java
  • Database Client

SQL Injection

  • Command Injection
6.8
CVE-2025-2703

Grafana

  • TypeScript
  • Analytics

Session Takeover

  • XSS
10
CVE-2024-29201

JumpServer

  • Python
  • Privileged Access Management

Remote Code Execution

  • Validation Bypass
8.3
CVE-2024-35219

OpenAPI Generator

  • Java
  • API Management

File Read

  • Path Traversal
9.3
CVE-2024-42009

Roundcube

  • PHP
  • Webmail

Session Takeover

  • XSS
  • Desanitization
9.9
CVE-2024-39930

Gogs

  • Go
  • Source Code Hosting

Remote Code Execution

  • Argument Injection
6.2
CVE-2024-30270

Mailcow

  • PHP
  • Webmail

Remote Code Execution

  • File Write

Unsubscribe