Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Loading...
High
GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Remote code execution vulnerability in Jenkins Templating Engine Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:templating-engine
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04djcyLXFyM2gtYzZyds4AAnOU
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bumblebee
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00OGhyLWpnNHAtdzRwNM4AAnp9
XSS vulnerability in Jenkins Claim Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:claim
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqcXctcjN3dy13ajJ3
Expression Language Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cGhxLWo3OHAtZmhncM4AAlxz
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:Parameterized-Remote-Trigger
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qZjlqLWh4MmotbTl4aM4AAlx7
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cnZ3LTdteDctaDUzeM4AAlx0
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qN3EyLWM2cjQteDJqd84AAlxw
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.tools:git-parameter
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NHAteHdyci05Y3Jo
Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xMzk3LXcyOGYtang5N84AAk1a
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OXJxLTloNDQtZjg0ds4AAk1J
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13NmMyLWpyaGgtanJ4Z84AAlx_
Credentials stored in plain text by Jenkins tfs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tfs
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Njh4LXd2bTItaHFjOM4AAk06
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:compact-columns
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncome EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cDhqLWhyZ2YtamMyZ84AAwdQ
Apache Zeppelin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS14cTJxLThoeGMtN2pyMs4AAlyG
XXE vulnerability in Jenkins Valgrind Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:valgrind
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12NDZxLXhqcDUtN3A2cs4AAlyU
Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vmanager-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oajM2LXY3MngtY2M2as4AAlyB
Missing permission checks in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12amY4LXh3NmMtd2pocc4AAllA
CSRF vulnerability in Jenkins Flaky Test Handler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:flaky-test-handler
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zbXdqLTd2bXEtdzQzcM4AAllB
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Ecosystems: maven
Packages: com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNHFxLThxMnItZzJmMs4AAlx5
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jY3dwLTYzM2otZzI5ds4AAlyH
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qODUyLW1wODItd3YyZ84AAk1A
Improper permission checks in Jenkins Swarm Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:swarm
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcnI4LWZjZzctcDJ3Z84AAllJ
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMnhwLW02dmctZ3dwas4AAlk-
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01YzR2LXZoOTUtYzY3Y84AAllH
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jMmhnLTJqajYtaDh2aM4AAllD
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1odjUzLXFqZzYtNXBtOc4AAkKl
XSS vulnerability in Jenkins Gatling Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gatling
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mODJ2LXBnNzQtNjY4Ns4AAkLi
Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
Ecosystems: maven
Packages: br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01eDg5LTc1cjctOHJqaM4AAkK2
XSS vulnerability in Jenkins useMango Runner Plugin
Ecosystems: maven
Packages: it.infuse.jenkins:usemango-runner
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nYzJyLWNjZmgtNjJ2Oc4AAoGF
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jbWdtLXE4aGYtcDdqY84AAkKs
XXE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OThtLWYyeDMtampxNM4AAoNt
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbTNmLTIzMjMtNjRtN84AAoNh
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14eDdnLWYyODctZjlmcc4AAmCb
XXE vulnerability in Jenkins Liquibase Runner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xNTY0LXZ2eDgtOTM4OM4AAmCg
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:warnings
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Z2c1LXZ4M2oteHdjN84AAwQz
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NGNtLXA5cTctcnIzcM4AAmCw
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNXd4LXcyZjktODJnaM4AAjcW
XXE vulnerability in Jenkins WebSphere Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:websphere-deployer
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cjM3LXBqZmgtcXd3Y84AAjcY
Fortify Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS04ZnA0LXJwNmMtNWdjds0Y7g
Path Traversal in com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Password exposure in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1majZmLTY5MzMtODM5as4AAjcN
Non-constant time HMAC comparison
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yYzdoLXg2Y3EtOTg4cc3p0Q
Improper Input Validation in JGroups
Ecosystems: maven
Packages: org.jgroups:jgroups
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1td2cyLTN4cHYtNXYyOM4AAoGG
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Credentials stored in plain text by Jenkins Copr Plugin
Ecosystems: maven
Packages: org.fedoraproject.jenkins.plugins:copr
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13Nmh3LTU3anEtaDdmNc4AAknq
CSRF vulnerability in Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tZzQ2LWY5aDUtZzI3eM4AAywe
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.engine
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS00aGhxLWozeHctd2o4Oc4AAknR
RCE vulnerability in SCM Filter Jervis Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:scm-filter-jervis
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS05ZjM3LWdneG0taDZ3eM4AAmvW
CSRF vulnerability in Jenkins Shelve Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:shelve-project-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00M2oyLXI0djMtbThqcM4AAknk
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00ajJwLXg3OW0tamNqOM4AAyo8
XXL-JOB vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qdjYyLTZ4dmMtY2N3aM4AAiIf
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.technicolor:elOyente
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wZ2o2LWptajUtd3FmeM4AAqj8
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yYzc5LWgyaDUtZzNmd84AAqj1
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tOWhyLTI1OWYtMnYyM84AAqj9
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zcTg0LXZydngtcmZ2Zs4AAqkF
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qOGM3LWZtODUtNmpqNs4AAiIo
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.ukiuni.callOtherJenkins:call-remote-job-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jdnZtLTRjcjktcjQzNs4AAqkD
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZjM0LWY0M3ItZ3Y5cM4AAyZ8
Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS1xNWo5LWY5NXctZjRwcs4AAwIx
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
Ecosystems: maven
Packages: org.terasoluna.gfw:terasoluna-gfw-common
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dnI1LTcydzctcTZqY84AAvdg
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS01YzJjLWN2ZzYtZ2hqbc4AApuC
Password stored in plain text by Jenkins Nomad Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yN3JmLThtanAtcjM2M84AAvdY
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02ZmNqLTl2ZnctanEybc4AAxlu
Arbitrary file deletion in ureport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: pypi, go, maven, packagist, nuget
Packages: protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13M2dtLXZ2NTgtd3I1Nc4AAo_l
Missing permission check in Jenkins requests-plugin Plugin allows sending emails
Ecosystems: maven
Packages: org.jenkins-ci.plugins:requests
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ZzJmLTlyZjctNDhnbc4AAv6P
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: io.loader:loaderio-jenkins-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qODc0LTQ3eHgtOXhmZ84AAv6K
Missing permission check in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3eDItOXE0OC12bTly
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc
Source: GitHub Advisory Database
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0zNnAzLXdqbWctaDk0eM03aQ
Remote Code Execution in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc, org.springframework:spring-beans, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-starter-web
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho
XStream can cause a Denial of Service.
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zdndtLWZjODctbXE2aM4AAv6W
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13MmozLXBxNjMtMzM5d84AAv6T
Incorrect permission checks in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cXYtZjVnZi04Z2Nm
Missing Authorization in Jenkins P4 plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nZ2hjLWc4Y2otNHZmds4AAqOV
Stored XSS vulnerability in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNGo1LWM0Y3YtbW1nNc4AAolr
XXE vulnerability in Jenkins URLTrigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:urltrigger
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12N3hoLWg0OGMteHc1Zs4AAn-O
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-track
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03OXI1LXJocnctN3B2aM4AAn-C
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:jabber
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycDR4LWg1NzctY2h2cc4AAqqb
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oNjQ4LWdqMzQtNXg0cs4AAqqG
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS01OHByLWhwcngtN2hnNs4AApuG
RCE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14ajI5LWdmd3ctajY3Z84AAygB
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jacoco
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1yeHZ4LTl3ZzUtcXB3d84AAiYz
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczd2ctNm1jZi04amo2
Local Temp Directory Hijacking Vulnerability
Ecosystems: maven
Packages: org.mortbay.jetty:jetty-webapp, org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NG1qLTNwOTItNTg5ds4AAs7p
Cross-site Scripting in Jenkins JUnit Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:junit
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qOWg0LXA2cDctODY1Ms4AAygL
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oMjQ2LWczOXgtN3ZteM4AArAu
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02bXBwLWNtM3YtMjN2ds4AAoy5
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtOTl3ai04bWdn
Command injection in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-core
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05N2c4LXhmdnctcTRoZ84AAwUZ
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cng2LTR2d3YtNDMyZ84AAoNz
Missing permission check in CloudBees CD Plugin allows scheduling builds
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Published: about 1 year ago
Filter by Package
org.jenkins-ci.main:jenkins-core 163 org.apache.tomcat:tomcat 78 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 43 org.keycloak:keycloak-core 39 com.thoughtworks.xstream:xstream 37 org.apache.nifi:nifi 28 org.springframework:spring-core 27 io.undertow:undertow-core 26 com.liferay.portal:release.portal.bom 25 net.mingsoft:ms-mcms 25 org.elasticsearch:elasticsearch 23 org.xwiki.platform:xwiki-platform-oldcore 22 org.apache.tomcat.embed:tomcat-embed-core 22 org.jenkins-ci.plugins:script-security 21 org.apache.solr:solr-core 21 org.springframework.security:spring-security-core 21 org.eclipse.jetty:jetty-server 21 org.apache.openmeetings:openmeetings-parent 20 com.vaadin:vaadin-bom 19 org.keycloak:keycloak-parent 18 org.bouncycastle:bcprov-jdk14 17 org.apache.activemq:activemq-client 17 org.bouncycastle:bcprov-jdk15 16 org.apache.geode:geode-core 16 org.apache.jspwiki:jspwiki-main 15 org.apache.cxf:cxf 14 org.apache.dubbo:dubbo 14 org.apache.tika:tika-core 12 org.jenkins-ci.plugins.workflow:workflow-cps 11 org.jenkins-ci.plugins:git 11 org.apache.cxf:cxf-core 11 org.apache.hadoop:hadoop-common 11 org.apache.hadoop:hadoop-main 11 org.apache.jspwiki:jspwiki-war 11 org.apache.camel:camel-core 10 com.vaadin:flow-server 10 org.xwiki.platform:xwiki-platform-web 10 org.apache.ranger:ranger 10 org.xwiki.platform:xwiki-platform-web-templates 9 org.apache.xmlgraphics:batik 9 io.jenkins:configuration-as-code 9 org.apache.hive:hive 9 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 9 org.jenkins-ci.plugins:email-ext 8 org.apache.tapestry:tapestry-core 8 org.apache.poi:poi 8 org.apache.shiro:shiro-core 8 org.apache.tika:tika 8 org.yaml:snakeyaml 8 org.apache.commons:commons-compress 8 org.apache.karaf:apache-karaf 8 mysql:mysql-connector-java 8 org.jboss.resteasy:resteasy-client 8 org.apache.pdfbox:pdfbox 8 org.keycloak:keycloak-services 8 org.apache.hive:hive-exec 8 org.apache.kylin:kylin 8 org.apache.ozone:ozone-main 8 org.apache.zeppelin:zeppelin 7 com.xuxueli:xxl-job 7 org.apache.archiva:archiva 7 org.springframework:spring-webmvc 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.opennms:opennms 7 org.jenkins-ci.plugins:subversion 7 org.igniterealtime.openfire:parent 7 org.apache.atlas:atlas-common 7 org.apache.santuario:xmlsec 7 org.craftercms:crafter-studio 7 org.jruby:jruby-stdlib 7 rubygems-update 7 io.jenkins.blueocean:blueocean 7 org.postgresql:postgresql 7 org.apache.logging.log4j:log4j-core 7 com.jflyfox:jflyfox_jfinal 7 org.apache.httpcomponents:httpclient 7 org.apache.druid:druid 7 org.apache.spark:spark-core_2.11 7 org.apache.cxf:apache-cxf 7 org.apache.james:james-server 7 org.jeecgframework.boot:jeecg-boot-base 7 io.atomix:atomix 7 org.apache.hive:hive-service 7 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:ec2 6 org.xwiki.platform:xwiki-platform-administration-ui 6 org.jenkins-ci.plugins:active-directory 6 org.apache.solr:solr-parent 6 org.csanchez.jenkins.plugins:kubernetes 6 org.apache.dolphinscheduler:dolphinscheduler 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 commons-jxpath:commons-jxpath 6 org.opencastproject:opencast-kernel 6 io.dataease:dataease-plugin-common 6 commons-fileupload:commons-fileupload 6 org.springframework.amqp:spring-amqp 6 org.apache.tomcat:tomcat-catalina 6 org.apache.spark:spark-core_2.10 6 net.opentsdb:opentsdb 6 org.owasp.antisamy:antisamy 6 org.opencms:opencms-core 6 io.jenkins.plugins:miniorange-saml-sp 6 org.jenkins-ci.plugins:pipeline-maven 5 org.apache.shenyu:shenyu-common 5 org.biouno:uno-choice 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:repository-connector 5 org.jenkins-ci.plugins:ghprb 5 org.jeecgframework.boot:jeecg-boot-common 5 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 5 com.synopsys.jenkinsci:ownership 5 tech.powerjob:powerjob 5 org.jenkins-ci.plugins:extended-choice-parameter 5 org.xwiki.commons:xwiki-commons-xml 5 xerces:xercesImpl 5 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 5 org.craftercms:craftercms 5 io.vertx:vertx-web 5 com.fasterxml.woodstox:woodstox-core 5 org.jenkins-ci.plugins:openshift-deployer 5 org.neo4j.procedure:apoc 5 org.jenkins-ci.plugins:ec2-deployment-dashboard 5 org.dspace:dspace-jspui 5 org.apache.hadoop:hadoop-client 5 org.owasp.esapi:esapi 5 org.bouncycastle:bcprov-jdk15on 5 com.hazelcast:hazelcast 5 org.jenkins-ci.plugins:mercurial 5 io.netty:netty-handler 5 org.apache.cxf.fediz:fediz-spring2 5 org.jenkins-ci.plugins:mailer 5 info.magnolia:magnolia-core 5 org.jeecgframework.boot:jeecg-boot-base-core 5 io.netty:netty-codec-http 5 org.apache.storm:storm-core 5 org.apache.ignite:ignite-core 5 org.codehaus.jettison:jettison 5 com.alibaba:dubbo 5 org.jboss.resteasy:resteasy-bom 5 org.apache.activemq:activemq-parent 5 org.infinispan:infinispan-core 5 edu.stanford.nlp:stanford-corenlp 5 org.jenkins-ci.plugins:codedx 5 org.apache.kafka:kafka 5 log4j:log4j 5 org.apache.struts:struts2-rest-plugin 4 org.jenkins-ci.plugins:tfs 4 org.jenkins-ci.plugins:hp-application-automation-tools-plugin 4 com.google.protobuf:protobuf-java 4 org.jenkins-ci.plugins:config-file-provider 4 org.jenkins-ci.plugins:ssh 4 org.jenkins-ci.plugins:requests 4 org.jenkins-ci.plugins:p4 4 org.jenkins-ci.plugins:cons3rt 4 org.jenkins-ci.plugins:junit 4 com.xebialabs.deployit.ci:deployit-plugin 4 org.jenkins-ci.plugins:google-login 4 org.jenkins-ci.plugins:coverity 4 org.jenkins-ci.plugins:google-compute-engine 4 org.jenkins-ci.plugins:rapiddeploy-jenkins 4 org.jenkins-ci.plugins:ansible 4 com.elasticbox.jenkins-ci.plugins:kubernetes-ci 4 org.jenkins-ci.plugins:libvirt-slave 4 org.jenkins-ci.plugins:crx-content-package-deployer 4 org.jenkins-ci.plugins:build-publisher 4 org.jenkins-ci.plugins:gitlab-oauth 4 org.jenkins-ci.plugins:ci-with-toad-edge 4 com.surenpi.jenkins:phoenix-autotest 4 org.jenkins-ci.plugins:kubernetes-cd 4 org.jenkins-ci.plugins:publish-over-ssh 4 org.apache.cassandra:cassandra-all 4 com.alibaba.nacos:nacos-common 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 com.h2database:h2 4 com.nimbusds:nimbus-jose-jwt 4 io.hawt:project 4 org.glassfish:javax.faces 4 struts:struts 4 com.compuware.jenkins:compuware-topaz-for-total-test 4 org.jenkins-ci.plugins:reportportal 4 org.jenkins-ci.plugins:katalon 4 org.jenkins-ci.plugins:rundeck 4 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki 4 org.jenkins-ci.plugins:deployer-framework 4 net.bull.javamelody:javamelody-core 4 awsiotsdk 4 org.apache.derby:derby 4 org.opensaml:opensaml 4 com.convertigo.jenkins.plugins:convertigo-mobile-platform 4 org.apache.ws.security:wss4j 4 org.springframework.security.oauth:spring-security-oauth2 4 org.apache.kylin:kylin-server-base 4 org.apache.thrift:libthrift 4 org.jolokia:jolokia-core 4 org.wildfly.security:wildfly-elytron 4 org.jenkins-ci.plugins:matrix-project 4 org.jenkins-ci.plugins:jira-steps 4 org.mortbay.jetty:jetty 4 org.jvnet.hudson.plugins:storable-configs-plugin 4 org.xwiki.platform:xwiki-platform-attachment-ui 4 io.swagger:swagger-codegen 4 com.itextpdf:itext7-core 4 com.typesafe.play:play_2.12 4 hudson.plugins:project-inheritance 4 org.opencastproject:opencast-common 4 org.apache.cxf:cxf-rt-frontend-jaxrs 4 com.vaadin:vaadin-server 4 io.ratpack:ratpack-core 4 org.directwebremoting:dwr 4 org.opensearch.plugin:opensearch-security 4 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 4 com.typesafe.play:play 4 org.jenkins-ci.plugins:wso2id-oauth 4 org.jenkins-ci.plugins:credentials 4 org.apache.ant:ant 4 org.apache.axis:axis 4 org.apache.qpid:qpid-broker 4 org.apache.olingo:odata-client-core 3 org.jenkins-ci.plugins:fortify-on-demand-uploader 3 org.apache.qpid:proton-j 3 io.vertx:vertx-core 3 com.orientechnologies:orientdb-studio 3 org.jenkins-ci.plugins:autocomplete-parameter 3 org.jenkins-ci.plugins:cloudbees-jenkins-advisor 3 io.apiman:apiman-manager-api-rest-impl 3 org.jenkins-ci.plugins:zephyr-for-jira-test-management 3 org.jenkins-ci.plugins:elastest 3 org.springframework.data:spring-data-commons 3 org.apache.spark:spark-core 3 org.restlet.jse:org.restlet 3 com.ctrip.framework.apollo:apollo 3 org.xwiki.platform:xwiki-platform-panels-ui 3 org.jenkins-ci.plugins:database 3 org.jenkins-ci.tools:git-parameter 3 io.jenkins.plugins:code-coverage-api 3 com.linecorp.armeria:armeria 3 org.jenkins-ci.plugins:liquibase-runner 3 com.google.protobuf:protobuf-javalite 3 org.springframework:spring-webflux 3 net.praqma:rqm-plugin 3 org.jenkins-ci.plugins:support-core 3 org.jenkins-ci.plugins:icescrum 3 org.eclipse.jetty:jetty-webapp 3 cn.hutool:hutool-json 3 org.jenkins-ci.plugins:promoted-builds 3 com.groupon.jenkins-ci.plugins:DotCi 3 com.xebialabs.ci:xlrelease-plugin 3 org.jenkins-ci.plugins:github-branch-source 3 org.jenkins-ci.plugins:vsphere-cloud 3 org.jenkins-ci.plugins:pipeline-input-step 3 com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter 3 org.jenkins-ci.plugins:google-kubernetes-engine 3 org.jenkins-ci.plugins:anchore-container-scanner 3 org.jenkins-ci.plugins:jira 3 org.jenkins-ci.plugins:dynatrace-dashboard 3 de.tum.in.ase:artemis-java-test-sandbox 3 org.jenkins-ci.plugins:bitbucket-oauth 3 org.apache.karaf:karaf 3 org.jenkins-ci.plugins:generic-webhook-trigger 3 org.jenkins-ci.plugins:sinatra-chef-builder 3 org.jenkins-ci.plugins:dbCharts 3 org.conjur.jenkins:conjur-credentials 3 org.jenkins-ci.plugins:rocketchatnotifier 3 org.jenkins-ci.plugins:role-strategy 3 org.igniterealtime.openfire:xmppserver 3 org.jenkins-ci.plugins:azure-credentials 3 org.apache.atlas:apache-atlas 3 com.xuxueli:xxl-job-core 3 org.jenkins-ci.plugins:cas-plugin 3 org.bouncycastle:bc-fips 3 org.bouncycastle:bcprov-jdk16 3 io.goobi.viewer:viewer-core 3 org.apache.unomi:unomi 3 org.richfaces:richfaces-core 3 org.graylog2:graylog2-server 3 org.springframework.data:spring-data-rest-core 3 org.apache.jmeter:ApacheJMeter 3 org.apache.sling:org.apache.sling.xss 3 org.jboss.resteasy:resteasy-core 3 org.apache.activemq:apache-artemis 3 io.projectreactor.netty:reactor-netty-http 3 org.jenkins-ci.plugins:pipeline-build-step 3 org.jenkins-ci.plugins:audit-trail 3 org.springframework.data:spring-data-jpa 3 fr.edf.jenkins.plugins:mac 3 com.adobe.acs:acs-aem-commons 3 org.apache.iotdb:iotdb-parent 3 com.geteasyqa:easyqa 3 org.jenkins-ci.plugins:embeddable-build-status 3 org.jenkins-ci.plugins:lucene-search 3 org.jenkins-ci.plugins:openstack-heat 3 org.jenkins-ci.plugins:recipe 3 org.jenkins-ci.plugins:gitlab-plugin 3 org.jenkins-ci.plugins:xpath-config-viewer 3 org.apache.sling:org.apache.sling.api 3 org.springframework.cloud:spring-cloud-config-server 3 org.jsoup:jsoup 3