theonedev — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting theonedev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Theonedev develops software tools primarily used for development and deployment automation. Historically, their products have been vulnerable to multiple remote code execution flaws, cross-site scripting vulnerabilities, and privilege escalation issues, accounting for the majority of their 17 recorded CVEs. Security researchers have identified consistent patterns in input validation and access control weaknesses across their codebase. While no major public security incidents have been widely documented, the accumulation of CVEs suggests ongoing challenges in secure coding practices. Their tools remain popular despite these vulnerabilities, indicating a trade-off between functionality and security that continues to concern security professionals.

Top products by theonedev: onedev
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-45309 | OneDev vulnerable to arbitrary file reading for unauthenticated user | onedev | CWE-200 | 7.5 (AI) | High (AI) | 2024-10-21 |
| CVE-2023-24828 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | onedev | CWE-338 | 8.1 | High | 2023-02-07 |
| CVE-2022-39206 | CI/CD Docker Escape in OneDev | onedev | CWE-610 | 9.9 | Critical | 2022-09-13 |
| CVE-2022-39207 | Persistent XSS in OneDev | onedev | CWE-79 | 5.4 | Medium | 2022-09-13 |
| CVE-2022-39208 | Git Repository Disclosure in Onedev | onedev | CWE-552 | 7.5 | High | 2022-09-13 |
| CVE-2022-39205 | Access Control Bypass in Onedev | onedev | CWE-287 | 9.0 | Critical | 2022-09-13 |
| CVE-2021-32651 | LDAP injection via OneDev may leak some LDAP directory information | onedev | CWE-90 | 3.1 | Low | 2021-06-01 |
| CVE-2021-21245 | Pre-Auth Arbitrary File Upload | onedev | CWE-434 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21246 | Pre-Auth Access token leak | onedev | CWE-862 | 8.6 | High | 2021-01-15 |
| CVE-2021-21247 | Post-Auth Unsafe Deserialization on BasePage (AJAX) | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21249 | Post-Auth Unsafe Yaml deserialization | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21248 | Post-Auth Arbitrary Code execution via Groovy script injection | onedev | CWE-74 | 9.6 | Critical | 2021-01-15 |
| CVE-2021-21250 | Post-Auth External Entity Expansion (XXE) | onedev | CWE-538 | 7.7 | High | 2021-01-15 |
| CVE-2021-21251 | ZipSlip Arbitrary File Upload | onedev | CWE-22 | 7.7 | High | 2021-01-15 |
| CVE-2021-21242 | Pre-Auth Unsafe Deserialization on AttachmentUploadServet | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21243 | Pre-Auth Unsafe Deserialization on KubernetesResource | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |
| CVE-2021-21244 | Pre-Auth SSTI via Bean validation message tampering | onedev | CWE-74 | 10.0 | Critical | 2021-01-15 |

This page lists every published CVE security advisory associated with theonedev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.