Security Advisories

Software vulnerabilities found in Qualys' products.

Responsible Disclosure

Qualys is committed to collaboration with security researchers as a way to ensure the security of our products.

Jonathan Trull, CISO

This page contains information regarding security vulnerabilities that may impact Qualys' products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Qualys strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner.

Report a vulnerability

If you believe you've found a security issue in one of our products or services, please send it to us at bugreport@qualys.com along with your contact details and include the following in your report:

  • A description of the issue and where it is located along with screenshots.

  • A description of the steps required to reproduce the issue.

  • A working proof of concept.

Read our responsible disclosure policy.

  • Jan 10, 2024

    Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance

  • Jan 10, 2024

    Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance

  • Jan 10, 2024

    Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security

  • Dec 08, 2023

    Stored XSS Vulnerability in QualysGuard VM/PC

  • Sep 08, 2023

    Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier

  • Apr 18, 2023

    Possible Executable Hijacking of Qualys Cloud Agent for Windows prior to 4.5.3.1 [CVE-2023-28140]

  • Apr 18, 2023

    Possible NTFS Junction Exploitation on Qualys Cloud Agent for Windows prior to 4.8.0.31 [CVE-2023-28141]

  • Apr 18, 2023

    Possible Qualys Cloud Agent for Windows Race Condition Exploitation prior to 4.5.3.1 [CVE-2023-28142]

  • Apr 18, 2023

    Possible Local Privilege Escalation of Exploitation of Qualys Cloud Agent for Mac prior to 3.7 [CVE-2023-28143]

  • Aug 15, 2022

    Possible local privilege escalation for Qualys Cloud Agent for Linux with Manifest versions prior to 2.5.548.2

  • Aug 15, 2022

    Possible local information disclosure for Qualys Cloud Agent for Linux when logging level set to trace

  • View vulnerabilities in other products found by Qualys engineers.