Browse all 3 CVE security advisories affecting ggnomes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ggnomes is a network monitoring tool primarily used for infrastructure management and security auditing. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls. The tool's architecture typically exposes multiple attack surfaces through its web interface and API endpoints. While no major public security incidents have been widely documented, its three recorded CVEs highlight consistent issues with authentication bypass and command injection flaws. Security researchers have noted that default configurations often leave systems exposed, requiring hardening before deployment in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12854 | Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload — Garden Gnome PackageCWE-434 | 8.8 | High | 2025-01-08 |
| CVE-2024-8657 | Garden Gnome Package <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Garden Gnome PackageCWE-79 | 6.4 | Medium | 2024-09-24 |
| CVE-2023-5664 | Garden Gnome Package <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Garden Gnome PackageCWE-79 | 6.4 | Medium | 2023-11-22 |
This page lists every published CVE security advisory associated with ggnomes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.