Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/codechecker@6.16.0
Type pypi
Namespace
Name codechecker
Version 6.16.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
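The lookup above resolves a Package URL to a package record and compares its version against each advisory's fixed version. The following is an added example, not VulnerableCode's or CodeChecker's own code: it parses a purl into the fields shown above and evaluates a version against the fixed versions transcribed from this page's fixed_packages entries. Assumptions: versions are plain dotted integers (true for every version on this page; PEP 440 suffixes are rejected rather than guessed), and VCID-hjn3-aj1e-1ybc, which has no fixed_packages entry here, is recorded as having no known fix, which is also why the page reports null for Next_non_vulnerable_version.

```python
"""Added example: parse a Package URL and evaluate a codechecker version
against the per-advisory fixed versions listed on this page."""
from typing import Dict, List, Optional, Tuple

# Fixed versions transcribed from this page's fixed_packages entries.
# VCID-hjn3-aj1e-1ybc has no fixed_packages entry, so it is recorded as None
# (its summary mentions v6.27.4, but that is deliberately not assumed here).
FIXED_VERSIONS: Dict[str, Optional[str]] = {
    "VCID-34z1-k1dg-uqhh": "6.24.2",  # CVE-2024-10081, auth bypass when URL ends with Authentication
    "VCID-6urc-avwv-vbdk": "6.26.2",  # CVE-2025-40843, ldlogger buffer overflow
    "VCID-8qpt-75sy-mbes": "6.24.5",  # CVE-2024-53829, CSRF against the web API
    "VCID-ckmm-q8cj-8ba2": "6.18.2",  # CVE-2021-44217, stored XSS in report comments
    "VCID-dxb5-cwgk-6uhg": "6.23.0",  # CVE-2023-49793, zip path traversal in massStoreRun
    "VCID-gyx5-u4sy-syge": "6.24.6",  # CVE-2025-1300, open redirect via doubled slashes
    "VCID-h6wn-2dtj-q7hq": "6.24.2",  # CVE-2024-10082, auth method confusion (root user)
    "VCID-hjn3-aj1e-1ybc": None,      # CVE-2026-25660, Authentication@* permission bypass
}


def parse_purl(purl: str) -> Dict[str, Optional[str]]:
    """Split pkg:type/namespace/name@version?qualifiers#subpath into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a Package URL: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")
    subpath = qualifiers = version = None
    if "#" in rest:                      # subpath is the last component, split first
        rest, subpath = rest.split("#", 1)
    if "?" in rest:
        rest, qualifiers = rest.split("?", 1)
    if "@" in rest:                      # version is the last '@' (namespaces may encode '@' as %40)
        rest, version = rest.rsplit("@", 1)
    parts = [p for p in rest.split("/") if p]
    if len(parts) < 2:
        raise ValueError(f"purl needs at least a type and a name: {purl!r}")
    return {
        "type": parts[0].lower(),
        "namespace": "/".join(parts[1:-1]) or None,
        "name": parts[-1],
        "version": version,
        "qualifiers": qualifiers,
        "subpath": subpath,
    }


def version_key(version: str) -> Tuple[int, ...]:
    """Order plain dotted-integer versions; anything else is rejected, not guessed."""
    try:
        return tuple(int(part) for part in version.split("."))
    except ValueError as exc:
        raise ValueError(f"unsupported version format: {version!r}") from exc


def affected_by(purl: str, fixed: Dict[str, Optional[str]] = FIXED_VERSIONS) -> List[str]:
    """Advisories whose fixed version is above the purl's version, or that have no fix."""
    p = parse_purl(purl)
    if (p["type"], p["name"]) != ("pypi", "codechecker") or not p["version"]:
        raise ValueError("expected a versioned pkg:pypi/codechecker purl")
    v = version_key(p["version"])
    return sorted(vcid for vcid, fix in fixed.items() if fix is None or v < version_key(fix))


def next_non_vulnerable_version(fixed: Dict[str, Optional[str]] = FIXED_VERSIONS) -> Optional[str]:
    """Lowest version at or above every fix; None while any advisory lacks a fixed version."""
    known = [fix for fix in fixed.values() if fix is not None]
    if len(known) != len(fixed):
        return None
    return max(known, key=version_key)


if __name__ == "__main__":
    purl = "pkg:pypi/codechecker@6.16.0"
    print(parse_purl(purl))
    print("affected by:", affected_by(purl))
    print("next non-vulnerable:", next_non_vulnerable_version())
```

The empty Next_non_vulnerable_version above follows directly from the missing fixed_packages entry: with one advisory lacking a fix, no version can be declared clear, so the function returns None rather than the highest fix it does know about.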
Affected_by_vulnerabilities
0
url VCID-34z1-k1dg-uqhh
vulnerability_id VCID-34z1-k1dg-uqhh
summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. 
Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints apart from /Authentication are affected by the vulnerability.

This issue affects CodeChecker: through 6.24.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10081
reference_id
reference_type
scores
0
value 0.73908
scoring_system epss
scoring_elements 0.98845
published_at 2026-06-06T12:55:00Z
1
value 0.73908
scoring_system epss
scoring_elements 0.98844
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10081
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/commit/ad41702e3108e4b92ae5d0143a5b961cc34195eb
3
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-06T15:00:25Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-f3f8-vx3w-hp5q
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-238.yaml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-238.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10081
reference_id CVE-2024-10081
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10081
6
reference_url https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
reference_id GHSA-f3f8-vx3w-hp5q
reference_type
scores
url https://github.com/advisories/GHSA-f3f8-vx3w-hp5q
fixed_packages
0
url pkg:pypi/codechecker@6.24.2
purl pkg:pypi/codechecker@6.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6urc-avwv-vbdk
1
vulnerability VCID-8qpt-75sy-mbes
2
vulnerability VCID-gyx5-u4sy-syge
3
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.2
aliases CVE-2024-10081, GHSA-f3f8-vx3w-hp5q, PYSEC-2024-238
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-34z1-k1dg-uqhh
1
url VCID-6urc-avwv-vbdk
vulnerability_id VCID-6urc-avwv-vbdk
summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command.

This issue affects CodeChecker: through 6.26.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-40843
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07285
published_at 2026-06-05T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.07274
published_at 2026-06-07T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.07289
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-40843
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/commit/4122eb1b43d00c880e4f0747d2ca0a674feb7a50
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/commit/4122eb1b43d00c880e4f0747d2ca0a674feb7a50
3
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:30:15Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2025-100.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2025-100.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-40843
reference_id CVE-2025-40843
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-40843
6
reference_url https://github.com/advisories/GHSA-5xf2-f6ch-6p8r
reference_id GHSA-5xf2-f6ch-6p8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xf2-f6ch-6p8r
fixed_packages
0
url pkg:pypi/codechecker@6.26.2
purl pkg:pypi/codechecker@6.26.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.26.2
aliases CVE-2025-40843, GHSA-5xf2-f6ch-6p8r, PYSEC-2025-100
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6urc-avwv-vbdk
2
url VCID-8qpt-75sy-mbes
vulnerability_id VCID-8qpt-75sy-mbes
summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. 
Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF.

This issue affects CodeChecker: through 6.24.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53829
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39212
published_at 2026-06-07T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39239
published_at 2026-06-06T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39234
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53829
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-f8c8-4pm7-w885
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T15:57:49Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-f8c8-4pm7-w885
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2025-12.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2025-12.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53829
reference_id CVE-2024-53829
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53829
5
reference_url https://github.com/advisories/GHSA-f8c8-4pm7-w885
reference_id GHSA-f8c8-4pm7-w885
reference_type
scores
url https://github.com/advisories/GHSA-f8c8-4pm7-w885
fixed_packages
0
url pkg:pypi/codechecker@6.24.5
purl pkg:pypi/codechecker@6.24.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.5
1
url pkg:pypi/codechecker@6.25.0
purl pkg:pypi/codechecker@6.25.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6urc-avwv-vbdk
1
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.25.0
aliases CVE-2024-53829, GHSA-f8c8-4pm7-w885, PYSEC-2025-12
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qpt-75sy-mbes
3
url VCID-ckmm-q8cj-8ba2
vulnerability_id VCID-ckmm-q8cj-8ba2
summary In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44217
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.7336
published_at 2026-06-05T12:55:00Z
1
value 0.00741
scoring_system epss
scoring_elements 0.73352
published_at 2026-06-07T12:55:00Z
2
value 0.00741
scoring_system epss
scoring_elements 0.73324
published_at 2026-06-04T12:55:00Z
3
value 0.00741
scoring_system epss
scoring_elements 0.73366
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44217
1
reference_url https://codechecker-demo.eastus.cloudapp.azure.com
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://codechecker-demo.eastus.cloudapp.azure.com
2
reference_url https://codechecker-demo.eastus.cloudapp.azure.com/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://codechecker-demo.eastus.cloudapp.azure.com/
3
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
4
reference_url https://github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/commit/72ee51158e6d81150320223b85410c179b9ee2b1
5
reference_url https://github.com/Ericsson/codechecker/pull/3549
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/pull/3549
6
reference_url https://github.com/Ericsson/codechecker/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/releases
7
reference_url https://github.com/Ericsson/codechecker/releases/tag/v6.18.2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/releases/tag/v6.18.2
8
reference_url https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Hyperkopite/CVE-2021-44217/blob/main/README.md
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker-api/PYSEC-2022-43181.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker-api/PYSEC-2022-43181.yaml
10
reference_url https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://user-images.githubusercontent.com/9525971/142965091-e118b012-a7fc-4c2f-ad0c-80aeed6f7ec9.png
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44217
reference_id CVE-2021-44217
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44217
12
reference_url https://github.com/advisories/GHSA-fxmx-pfm2-85m2
reference_id GHSA-fxmx-pfm2-85m2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxmx-pfm2-85m2
fixed_packages
0
url pkg:pypi/codechecker@6.18.2
purl pkg:pypi/codechecker@6.18.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-dxb5-cwgk-6uhg
4
vulnerability VCID-gyx5-u4sy-syge
5
vulnerability VCID-h6wn-2dtj-q7hq
6
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.2
aliases CVE-2021-44217, GHSA-fxmx-pfm2-85m2, PYSEC-2022-43181
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckmm-q8cj-8ba2
4
url VCID-dxb5-cwgk-6uhg
vulnerability_id VCID-dxb5-cwgk-6uhg
summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`.
The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. This vulnerability has been patched in version 6.23.
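The advisory above describes archive entries whose names escape the server's store directory. The block below is an added example, not CodeChecker's code: it pre-checks an in-memory zip for entries that resolve outside the destination and refuses the whole archive if any do. The sample archives are constructed for the demonstration; the destination path is an assumption.

```python
"""Added example: reject report archives whose entries would escape the
extraction directory (the flaw class described for massStoreRun)."""
import io
import os
import zipfile
from typing import List, Tuple


def unsafe_members(zf: zipfile.ZipFile, dest: str) -> List[str]:
    """Names of entries that resolve outside `dest` once joined to it.
    Absolute names, drive letters and '..' components all land elsewhere."""
    dest_real = os.path.realpath(dest)
    escaped = []
    for info in zf.infolist():
        target = os.path.realpath(os.path.join(dest_real, info.filename))
        try:
            inside = os.path.commonpath([dest_real, target]) == dest_real
        except ValueError:          # different drives on Windows: certainly outside
            inside = False
        if not inside:
            escaped.append(info.filename)
    return escaped


def check_archive(data: bytes, dest: str) -> List[str]:
    """Return the offending entry names for an in-memory zip, without extracting."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return unsafe_members(zf, dest)


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Refuse the whole archive if any entry escapes; otherwise extract and list entries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = unsafe_members(zf, dest)
        if bad:
            raise ValueError(f"refusing archive, traversal entries: {bad}")
        zf.extractall(dest)
        return [info.filename for info in zf.infolist()]


def is_rejected(data: bytes, dest: str) -> bool:
    """True if safe_extract refuses the archive (nothing is written in that case)."""
    try:
        safe_extract(data, dest)
    except ValueError:
        return True
    return False


def build_zip(entries: List[Tuple[str, str]]) -> bytes:
    """Build a zip in memory; zipfile writes whatever name it is given, '..' included."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives for the demonstration (not from the advisory).
BENIGN_ZIP = build_zip([("reports/report.plist", "<plist/>"), ("metadata.json", "{}")])
MALICIOUS_ZIP = build_zip([
    ("reports/report.plist", "<plist/>"),
    ("../../etc/passwd", "root:x:0:0"),   # parent-directory escape
    ("/etc/shadow", "root:*:"),           # absolute-path escape
])

if __name__ == "__main__":
    store = "/tmp/codechecker-store"      # assumed store directory
    print("benign:", check_archive(BENIGN_ZIP, store))
    print("malicious:", check_archive(MALICIOUS_ZIP, store))
    print("rejected:", is_rejected(MALICIOUS_ZIP, store))
```

Python's own ZipFile.extractall already strips drive letters, leading separators and `..` components, so the pre-check matters when the server resolves entry names itself (for example to read a stored file back for display, which is the read primitive the advisory describes) or hands the archive to another extractor. Symlink members are a separate case and need their own handling.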
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49793
reference_id
reference_type
scores
0
value 0.00596
scoring_system epss
scoring_elements 0.69782
published_at 2026-06-06T12:55:00Z
1
value 0.00596
scoring_system epss
scoring_elements 0.69773
published_at 2026-06-05T12:55:00Z
2
value 0.00596
scoring_system epss
scoring_elements 0.69772
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49793
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T14:37:31Z/
url https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a
3
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-25T14:37:31Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-54.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-54.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49793
reference_id CVE-2023-49793
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49793
6
reference_url https://github.com/advisories/GHSA-h26w-r4m5-8rrf
reference_id GHSA-h26w-r4m5-8rrf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h26w-r4m5-8rrf
fixed_packages
0
url pkg:pypi/codechecker@6.23.0
purl pkg:pypi/codechecker@6.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-34z1-k1dg-uqhh
1
vulnerability VCID-6urc-avwv-vbdk
2
vulnerability VCID-8qpt-75sy-mbes
3
vulnerability VCID-gyx5-u4sy-syge
4
vulnerability VCID-h6wn-2dtj-q7hq
5
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0
aliases CVE-2023-49793, GHSA-h26w-r4m5-8rrf, PYSEC-2024-54
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxb5-cwgk-6uhg
5
url VCID-gyx5-u4sy-syge
vulnerability_id VCID-gyx5-u4sy-syge
summary
CodeChecker open redirect when URL contains multiple slashes after the product name
Summary
---

CodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment.  This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway.

Details
---

CodeChecker processes GET requests by first rewriting the path segment of the URL, and then passing the rewritten URL to the webserver framework.
When trimming the product name from the URL, no sanitization was performed on the remaining URL, which reintroduced the same issue as CVE-2021-28861, leading to the same open redirect pathway using URLs such as `/Default//attacker.com/%2f..`.

Impact
---

The vulnerability allows an attacker to create a hyperlink that looks like a legitimate CodeChecker URL, but redirects to an attacker-supplied website when clicked.
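The Details section above describes a product-name trim that leaves `//attacker.com/...` in the path. The block below is an added example, not CodeChecker's or the web framework's code: it models that rewrite next to a hardened version, and models what a browser does with a scheme-relative Location (the CVE-2021-28861 pathway). The product name `Default` comes from the advisory's URL; the host name and the redirect model are assumptions.

```python
"""Added example: model of the path rewrite described in the advisory, the
missing sanitization, and a hardened rewrite side by side."""
import re

PRODUCT = "Default"  # product name used in the advisory's example URL


def rewrite_path_vulnerable(path: str) -> str:
    """Trim '/<product>' and pass the remainder on unchanged (the behaviour the
    advisory describes; modelled here, not CodeChecker's code)."""
    prefix = f"/{PRODUCT}"
    if path == prefix or path.startswith(prefix + "/"):
        return path[len(prefix):] or "/"
    return path


def rewrite_path_hardened(path: str) -> str:
    """Same trim, then normalise so the remainder can never begin with an authority."""
    rest = rewrite_path_vulnerable(path)
    rest = rest.replace("\\", "/")        # browsers treat '\' like '/' before an authority
    rest = re.sub(r"/{2,}", "/", rest)    # collapse every run of slashes
    if not rest.startswith("/"):
        rest = "/" + rest
    return rest


def redirect_target(rewritten: str, host: str = "codechecker.example") -> str:
    """Where a browser ends up if the server answers with Location: <rewritten>.
    A Location beginning with '//' (or '/\\') is scheme-relative, so the next
    segment becomes the host. Assumed model of the CVE-2021-28861 behaviour."""
    head = rewritten[:2].replace("\\", "/")
    if head == "//":
        return "https:" + rewritten.replace("\\", "/")
    return f"https://{host}{rewritten}"


def is_open_redirect(path: str, rewrite=rewrite_path_vulnerable,
                     host: str = "codechecker.example") -> bool:
    """True if the redirect for `path` leaves the CodeChecker host."""
    return not redirect_target(rewrite(path), host).startswith(f"https://{host}/")


if __name__ == "__main__":
    probe = "/Default//attacker.com/%2f.."     # the advisory's example URL
    for name, fn in (("vulnerable", rewrite_path_vulnerable), ("hardened", rewrite_path_hardened)):
        print(name, fn(probe), "->", redirect_target(fn(probe)), "open:", is_open_redirect(probe, fn))
```

Collapsing slashes after the trim, rather than only rejecting a leading `//`, also closes the backslash variant and any later segment where a doubled slash could reappear.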
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1300
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31129
published_at 2026-06-05T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31061
published_at 2026-06-07T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31095
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1300
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1300
reference_id CVE-2025-1300
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1300
3
reference_url https://github.com/advisories/GHSA-g839-x3p3-g5fm
reference_id GHSA-g839-x3p3-g5fm
reference_type
scores
url https://github.com/advisories/GHSA-g839-x3p3-g5fm
4
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm
reference_id GHSA-g839-x3p3-g5fm
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T14:38:08Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm
fixed_packages
0
url pkg:pypi/codechecker@6.24.6
purl pkg:pypi/codechecker@6.24.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.6
aliases CVE-2025-1300, GHSA-g839-x3p3-g5fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyx5-u4sy-syge
6
url VCID-h6wn-2dtj-q7hq
vulnerability_id VCID-h6wn-2dtj-q7hq
summary
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. 
Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access. This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful.

This issue affects CodeChecker: through 6.24.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10082
reference_id
reference_type
scores
0
value 0.00389
scoring_system epss
scoring_elements 0.60364
published_at 2026-06-05T12:55:00Z
1
value 0.00389
scoring_system epss
scoring_elements 0.60355
published_at 2026-06-07T12:55:00Z
2
value 0.00389
scoring_system epss
scoring_elements 0.60367
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10082
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/commit/866f3796d01f3158c49b87ccae3e09c0807c1c7b
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker/commit/866f3796d01f3158c49b87ccae3e09c0807c1c7b
3
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-06T14:54:02Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-fpm5-2wcj-vfr7
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-183.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/codechecker/PYSEC-2024-183.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10082
reference_id CVE-2024-10082
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10082
6
reference_url https://github.com/advisories/GHSA-fpm5-2wcj-vfr7
reference_id GHSA-fpm5-2wcj-vfr7
reference_type
scores
url https://github.com/advisories/GHSA-fpm5-2wcj-vfr7
fixed_packages
0
url pkg:pypi/codechecker@6.24.2
purl pkg:pypi/codechecker@6.24.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6urc-avwv-vbdk
1
vulnerability VCID-8qpt-75sy-mbes
2
vulnerability VCID-gyx5-u4sy-syge
3
vulnerability VCID-hjn3-aj1e-1ybc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.2
aliases CVE-2024-10082, GHSA-fpm5-2wcj-vfr7, PYSEC-2024-183
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6wn-2dtj-q7hq
7
url VCID-hjn3-aj1e-1ybc
vulnerability_id VCID-hjn3-aj1e-1ybc
summary
Codechecker has an authentication bypass for certain API calls
### Summary
Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker.

### Details

The following functions are affected under the Authentication endpoint: `getAuthorisedNames`, `getPermissionsForUser`, `hasPermission`, `addPermission`, and `removePermission`.

The vulnerability allows unauthenticated users to execute these function calls with arbitrary arguments.
In the logs, the exploit shows as follows:
```
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission
```

### Impact
An attacker with a CodeChecker user can effectively acquire superuser permissions by calling these endpoints.

### Patch
A patch is available at https://github.com/Ericsson/codechecker/releases/tag/v6.27.4.
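The advisory quotes the server log lines an exploit leaves behind. The block below is an added example, not CodeChecker's code: a detection pass over lines in that format that flags anonymous calls to the five functions the advisory names, ranking the two state-changing ones higher. The sample log is constructed from the two quoted lines plus benign traffic; the log format is assumed to be exactly the one shown.

```python
"""Added example: flag anonymous calls to the permission-management functions
on the Authentication endpoint, using the log line format quoted in the advisory."""
import re
from typing import Dict, Iterable, List, Optional

# [INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission
LINE_RE = re.compile(
    r"^\[(?P<level>[A-Z]+) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<client>\S+) -- \[(?P<user>[^\]]+)\] (?P<method>[A-Z]+) (?P<path>\S+)$"
)
# Functions the advisory names as reachable without authentication.
SENSITIVE_FUNCS = {"getAuthorisedNames", "getPermissionsForUser", "hasPermission",
                   "addPermission", "removePermission"}
# The two that change state; an anonymous call to these is the strongest signal.
MUTATING_FUNCS = {"addPermission", "removePermission"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one server log line; the last path segment is Service@function."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    last = rec["path"].rsplit("/", 1)[-1]
    service, _, func = last.partition("@")
    rec["service"], rec["function"] = service, func
    return rec


def find_suspicious(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Anonymous calls to the sensitive Authentication functions, with a severity tag."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["user"] == "Anonymous" and rec["service"] == "Authentication"
                and rec["function"] in SENSITIVE_FUNCS):
            rec["severity"] = "high" if rec["function"] in MUTATING_FUNCS else "medium"
            hits.append(rec)
    return hits


# Constructed sample: the two lines quoted in the advisory plus benign traffic
# (the benign user, client addresses and function names are made up).
SAMPLE_LOG = """\
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@getAuthorisedNames
[INFO 2026-04-23 21:23] - 127.0.0.1:42654 -- [Anonymous] POST /v6.67/Authentication@addPermission
[INFO 2026-04-23 21:24] - 10.0.0.5:51000 -- [alice] POST /v6.67/Authentication@getAuthorisedNames
[INFO 2026-04-23 21:24] - 10.0.0.7:51002 -- [Anonymous] POST /v6.67/Authentication@performLogin
[INFO 2026-04-23 21:25] - 10.0.0.5:51004 -- [alice] POST /Default/v6.67/CodeCheckerService@getRunData
"""

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print(hit["severity"], hit["ts"], hit["client"], hit["path"])
```

Anonymous traffic to the Authentication service is normal for login itself, which is why the filter keys on the function name rather than the service alone. The Impact section also mentions an attacker who already holds a CodeChecker account; an authenticated but non-admin call to addPermission is a second signal, and deciding it needs the caller's role, which the log line does not carry.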
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25660
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08567
published_at 2026-06-07T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08589
published_at 2026-06-06T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08573
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25660
1
reference_url https://github.com/Ericsson/codechecker
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Ericsson/codechecker
2
reference_url https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Red
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-24T13:50:59Z/
url https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25660
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25660
4
reference_url https://github.com/advisories/GHSA-4v9x-cqc5-j645
reference_id GHSA-4v9x-cqc5-j645
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4v9x-cqc5-j645
fixed_packages
aliases CVE-2026-25660, GHSA-4v9x-cqc5-j645
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjn3-aj1e-1ybc
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0