Every CVE whose affected-product data names Google Bazel, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-22539 — CVSS 8.2 (high): An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace…
CVE-2022-3474 — CVSS 4.3 (medium): A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead…