Security Research

Vulnerability Disclosures

Our commitment to Code Security goes beyond providing tools that help you find vulnerabilities: it extends to proactively and responsibly reporting security issues in software that is out there in the open. Our R&D Team is constantly on the lookout for vulnerabilities in third-party software that put users' data and security at risk.

Responsible Disclosures

We follow best practices and systematically respect grace periods, allowing maintainers to issue security patches before we disclose vulnerabilities.

Powered by SonarSource Taint Analysis Technology

We use our own products to scan open-source projects and guide our research. Finding a zero-day can be as simple as running a SonarCloud scan!

Fueling Product Innovation

Researching vulnerabilities is a journey of trying, failing, and always learning. We use these learnings to drive improvements and innovation in our Code Security products.

| Severity | Software | Stack | Impact | Blog Post (vulnerability classes) |
|---|---|---|---|---|
|  | Zimbra | Java Webmail | Information Leakage | Stored XSS, SSRF |
|  | Etherpad | JS/TS Editor | Remote Code Execution | Argument Injection |
|  | CiviCRM | PHP CRM | Remote Code Execution | Phar Deserialization |
|  | Grav CMS | PHP CMS | Remote Code Execution | SSTI |
|  | Rocket.Chat | JS/TS MongoDB | Remote Code Execution | NoSQL Injection |
|  | Composer | PHP Supply Chain | Remote Code Execution | Argument Injection |
|  | WordPress | PHP CMS | Arbitrary File Disclosure | XXE |
|  | NSA Emissary | Java P2P | Remote Code Execution | Code Injection, Path Traversal |
|  | MyBB | PHP Forum | Remote Code Execution | Stored XSS, SQL Injection |
|  | LocalStack | Python Cloud | Remote Code Execution | Command Injection, SSRF |
|  | OpenEmr | PHP Medical | Remote Code Execution | Command Injection, Stored XSS |
|  | Pandora FMS | PHP FileShare | Remote Code Execution | SQL Injection |
|  | Codoforum | PHP Forum | Remote Code Execution | SQL Injection, Path Traversal |
|  | Apache Kylin | Java Big Data | Remote Code Execution | Command Injection |
| 7.2 | LogicalDoc | Java FileShare | Remote Code Execution | SQL Injection |
| 7.2 | BigTree CMS | PHP CMS | Remote Code Execution | SQL Injection, XSS |
| 8.8 | Pimcore | PHP CMS | Remote Code Execution | Command Injection, SQL Injection |
|  | WooCommerce | PHP eCommerce | Remote Code Execution | Stored XSS, CSRF |
|  | BitBucket | Java DevOps | Remote Code Execution | Path Traversal |
|  | SuiteCRM | PHP CRM | Remote Code Execution | Deserialization |
|  | OXID eShop | PHP eCommerce | Remote Code Execution | SQL Injection |
|  | TYPO3 | PHP CMS | Remote Code Execution | Stored XSS |
|  | Magento | PHP eCommerce | Remote Code Execution | Stored XSS, Phar Deserialization |
|  | dotCMS | Java CMS | Remote Code Execution | SQL Injection |
|  | MyBB | PHP Forum | Remote Code Execution | Stored XSS |
|  | LogicalDoc | Java FileShare | Arbitrary File Disclosure | Path Traversal |
|  | WordPress | PHP CMS | Remote Code Execution | Stored XSS |
|  | WordPress | PHP CMS | Remote Code Execution | Path Traversal |
|  | OXID eSales | PHP eCommerce | Remote Code Execution | SQL Injection |
|  | WordPress | PHP CMS | Privilege Escalation | Logical Flaw |
|  | phpBB | PHP Forum | Remote Code Execution | Phar Deserialization |
|  | Pydio | PHP FileShare | Remote Code Execution | Deserialization |
|  | WooCommerce | PHP eCommerce | Remote Code Execution | File Delete |
|  | TikiWiki | PHP Wiki | Information Leakage | SQL Injection |
|  | WordPress | PHP CMS | Remote Code Execution | File Delete |
|  | Moodle | PHP CMS | Remote Code Execution | Code Injection |
|  | Shopware | PHP eCommerce | Information Leakage | SQL Injection |
|  | PrestaShop | PHP eCommerce | Remote Code Execution | Deserialization |
|  | LimeSurvey | PHP | Remote Code Execution | Stored XSS, File Write |
|  | Joomla! | PHP CMS | Privilege Escalation | SQL Injection |
|  | CubeCart | PHP eCommerce | Remote Code Execution | SQL Injection |
|  | Shopware | PHP eCommerce | Remote Code Execution | SQL Injection, XXE |
|  | flatCore CMS | PHP CMS | Remote Code Execution | Stored XSS |
|  | Joomla! | PHP CMS | Remote Code Execution | LDAP Injection |
|  | SugarCRM | PHP CRM | Remote Code Execution | Deserialization, SQL Injection |
|  | osClass | PHP eCommerce | Remote Code Execution | File Inclusion, XSS |
|  | Roundcube | PHP Email | Remote Code Execution | Command Injection |
|  | phpMyAdmin | PHP Hosting | Remote Code Execution | Code Injection |
|  | phpMyAdmin | PHP Hosting | Remote Code Execution | File Inclusion |