| CVE-2016-9299 |
critical |
9.8 |
10.0 |
|
|
|
10y ago |
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins |
| CVE-2017-1000362 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
| CVE-2016-0792 |
high |
8.8 |
9.8 |
|
|
|
10y ago |
Jenkins allows Deserialization of Untrusted Data via an XML File |
| CVE-2016-0791 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Exposure of Sensitive Information in Jenkins Core |
| CVE-2016-0788 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Jenkins allows Execution of Code by Opening a JRMP Listener |
| CVE-2021-21686 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21692 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21691 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21689 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21687 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21685 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21688 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21694 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21690 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21693 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21696 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21695 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21697 |
critical |
— |
9.5 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999002 |
high |
— |
9.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2015-7538 |
high |
8.8 |
8.8 |
|
|
|
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
| CVE-2015-7537 |
high |
8.8 |
8.8 |
|
|
|
11y ago |
Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack |
| CVE-2021-21671 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21670 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21610 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21611 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21605 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21607 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21604 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21603 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21608 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21606 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21602 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2021-21609 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2019-10352 |
high |
— |
8.0 |
|
|
|
4y ago |
Improper Limitation of a Pathname to a Restricted Directory in Jenkins |
| CVE-2019-10353 |
high |
— |
8.0 |
|
|
|
4y ago |
Cross-Site Request Forgery in Jenkins |
| CVE-2019-10354 |
high |
— |
8.0 |
|
|
|
4y ago |
Missing Authorization in Jenkins |
| CVE-2017-1000355 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2017-1000356 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2017-1000354 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999006 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999007 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999004 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999005 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999001 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2018-1999003 |
high |
— |
8.0 |
|
|
|
4y ago |
multiple issues in jenkins |
| CVE-2015-7539 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
Jenkins does not Verify Checksums for Plugin Files |
| CVE-2015-5325 |
high |
— |
7.5 |
|
|
|
11y ago |
Jenkins allows Bypass of Access Restrictions |
| CVE-2015-1814 |
high |
— |
7.5 |
|
|
|
11y ago |
Jenkins allows for Privilege Escalation by Remote Authenticated Users |
| CVE-2014-2063 |
high |
— |
7.5 |
|
|
|
12y ago |
Jenkins Vulnerable to Clickjacking |
| CVE-2014-3666 |
high |
— |
7.5 |
|
|
|
12y ago |
Jenkins allows for Code Execution via Crafted Packet to the CLI |
| CVE-2013-0329 |
high |
— |
7.5 |
|
|
|
13y ago |
Jenkins Cross-Site Request Forgery vulnerability |
| CVE-2016-3726 |
high |
7.4 |
7.4 |
|
|
|
10y ago |
Jenkins affected by Open Redirect Vulnerability |
| CVE-2024-23897 |
unknown |
— |
2.5 |
|
|
|
2y ago |
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution. |
| CVE-2017-1000353 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… |
| CVE-2018-1000861 |
unknown |
— |
2.5 |
|
|
|
4y ago |
A code execution vulnerability exists in the Stapler web framework used by Jenkins |
| CVE-2015-5317 |
unknown |
— |
1.5 |
|
|
|
4y ago |
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. |
| CVE-2020-2229 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Jenkins Cross-Site Scripting vulnerability in help icons |
| CVE-2020-2230 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Jenkins Cross-site Scripting vulnerability in project naming strategy |
| CVE-2020-2231 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2026-33001 |
unknown |
— |
— |
|
|
|
3mo ago |
Jenkins has a link following vulnerability allows arbitrary file creation |
| CVE-2026-33002 |
unknown |
— |
— |
|
|
|
3mo ago |
Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation |
| CVE-2026-27100 |
unknown |
— |
— |
|
|
|
4mo ago |
Jenkins has a build information disclosure vulnerability through Run Parameter |
| CVE-2026-27099 |
unknown |
— |
— |
|
|
|
4mo ago |
Jenkins has a stored XSS vulnerability in node offline cause description |
| CVE-2025-67635 |
unknown |
— |
— |
|
|
|
6mo ago |
Jenkins has a Denial of service vulnerability in HTTP-based CLI |
| CVE-2025-67638 |
unknown |
— |
— |
|
|
|
6mo ago |
Jenkins's build authorization token is stored and displayed in plain text |
| CVE-2025-67637 |
unknown |
— |
— |
|
|
|
6mo ago |
Jenkins's build authorization token is stored and displayed in plain text |
| CVE-2025-67639 |
unknown |
— |
— |
|
|
|
6mo ago |
Jenkins has a CSRF vulnerability on the login form |
| CVE-2025-67636 |
unknown |
— |
— |
|
|
|
6mo ago |
Jenkins is missing a permission check on password fields |
| CVE-2025-59474 |
unknown |
— |
— |
|
|
|
9mo ago |
Jenkins has a missing permission check, allowing users to obtain agent names |
| CVE-2025-59476 |
unknown |
— |
— |
|
|
|
9mo ago |
Jenkins has a log message injection vulnerability |
| CVE-2025-31720 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins Missing Permission Check |
| CVE-2025-31721 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins Missing Permission Check |
| CVE-2025-27624 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins cross-site request forgery (CSRF) vulnerability |
| CVE-2025-27623 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission |
| CVE-2025-27622 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission |
| CVE-2025-27625 |
unknown |
— |
— |
|
|
|
1y ago |
Jenkins Open Redirect vulnerability |
| CVE-2024-47803 |
unknown |
— |
— |
|
|
|
2y ago |
Jenkins exposes multi-line secrets through error messages |
| CVE-2024-47804 |
unknown |
— |
— |
|
|
|
2y ago |
Jenkins item creation restriction bypass vulnerability |
| CVE-2024-43044 |
unknown |
— |
— |
|
|
|
2y ago |
Jenkins Remoting library arbitrary file read vulnerability |
| CVE-2024-43045 |
unknown |
— |
— |
|
|
|
2y ago |
Jenkins does not perform a permission check in an HTTP endpoint |
| CVE-2024-23898 |
unknown |
— |
— |
|
|
|
2y ago |
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI |
| CVE-2023-43494 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins does not exclude sensitive build variables from search |
| CVE-2023-43495 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins Cross-site Scripting vulnerability |
| CVE-2023-43497 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins temporary uploaded file created with insecure permissions |
| CVE-2023-43498 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins temporary uploaded file created with insecure permissions |
| CVE-2023-43496 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins temporary plugin file created with insecure permissions |
| CVE-2023-39151 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins Stored Cross-site Scripting vulnerability |
| CVE-2023-35141 |
unknown |
— |
— |
|
|
|
3y ago |
Jenkins CSRF protection bypass vulnerability |
| CVE-2023-27903 |
unknown |
— |
— |
|
|
|
3y ago |
Incorrect Authorization in Jenkins Core |
| CVE-2023-27904 |
unknown |
— |
— |
|
|
|
3y ago |
Information disclosure through error stack traces related to agents |
| CVE-2023-27898 |
unknown |
— |
— |
|
|
|
3y ago |
Cross-site Scripting vulnerability in Jenkins |
| CVE-2023-27899 |
unknown |
— |
— |
|
|
|
3y ago |
Incorrect Authorization in Jenkins Core |
| CVE-2023-27901 |
unknown |
— |
— |
|
|
|
3y ago |
Denial of service in Jenkins Core |
| CVE-2023-27902 |
unknown |
— |
— |
|
|
|
3y ago |
Incorrect Permission Preservation in Jenkins Core |
| CVE-2023-27900 |
unknown |
— |
— |
|
|
|
3y ago |
Denial of service in Jenkins Core |
| CVE-2022-41224 |
unknown |
— |
— |
|
|
|
4y ago |
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component |
| CVE-2022-34173 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting vulnerability in Jenkins |
| CVE-2022-34170 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting vulnerability in Jenkins |
| CVE-2022-34175 |
unknown |
— |
— |
|
|
|
4y ago |
Unauthorized view fragment access in Jenkins |
| CVE-2022-34172 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting vulnerability in Jenkins |
