| CVE-2016-9299 | critical | 9.8 | 10.0 | | | | 10y ago | Improper Neutralization of Special Elements used in an LDAP Query in Jenkins |
| CVE-2017-1000362 | critical | 9.8 | 9.8 | | | | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
| CVE-2016-0791 | critical | 9.8 | 9.8 | | | | 10y ago | Exposure of Sensitive Information in Jenkins Core |
| CVE-2016-0788 | critical | 9.8 | 9.8 | | | | 10y ago | Jenkins allows Execution of Code by Opening a JRMP Listener |
| CVE-2021-21686 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21689 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21688 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21687 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21694 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21685 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21690 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21693 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21692 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21691 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21696 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21697 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2021-21695 | critical | — | 9.5 | | | | 4y ago | Multiple issues in Jenkins |
| CVE-2015-1808 | low | — | 3.5 | | | | 11y ago | Jenkins Vulnerable to Denial of Service (DoS) |
| CVE-2014-2068 | low | — | 3.5 | | | | 12y ago | Jenkins allows attackers to obtain sensitive information |
| CVE-2014-2067 | low | — | 3.5 | | | | 12y ago | Jenkins cross-site scripting (XSS) vulnerability |
| CVE-2012-6074 | low | — | 3.5 | | | | 14y ago | Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2013-0158 | low | — | 2.6 | | | | 14y ago | Jenkins allows attackers to obtain the master cryptographic key |
| CVE-2011-4344 | low | — | 2.6 | | | | 15y ago | Jenkins allows Cross-Site Scripting (XSS) |
| CVE-2024-23897 | unknown | — | 2.5 | | | | 2y ago | Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution. |
| CVE-2017-1000353 | unknown | — | 2.5 | | | | 4y ago | Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… |
| CVE-2018-1000861 | unknown | — | 2.5 | | | | 4y ago | A code execution vulnerability exists in the Stapler web framework used by Jenkins |
| CVE-2013-2033 | low | — | 2.1 | | | | 12y ago | Jenkins vulnerable to Cross-site Scripting |
| CVE-2015-5317 | unknown | — | 1.5 | | | | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. |
| CVE-2020-2229 | unknown | — | 1.0 | | | | 4y ago | Jenkins Cross-Site Scripting vulnerability in help icons |
| CVE-2020-2230 | unknown | — | 1.0 | | | | 4y ago | Jenkins Cross-site Scripting vulnerability in project naming strategy |
| CVE-2020-2231 | unknown | — | 1.0 | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2026-33002 | unknown | — | — | | | | 3mo ago | Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation |
| CVE-2026-33001 | unknown | — | — | | | | 3mo ago | Jenkins has a link following vulnerability that allows arbitrary file creation |
| CVE-2026-27099 | unknown | — | — | | | | 4mo ago | Jenkins has a stored XSS vulnerability in node offline cause description |
| CVE-2026-27100 | unknown | — | — | | | | 4mo ago | Jenkins has a build information disclosure vulnerability through Run Parameter |
| CVE-2025-67638 | unknown | — | — | | | | 6mo ago | Jenkins's build authorization token is stored and displayed in plain text |
| CVE-2025-67637 | unknown | — | — | | | | 6mo ago | Jenkins's build authorization token is stored and displayed in plain text |
| CVE-2025-67635 | unknown | — | — | | | | 6mo ago | Jenkins has a Denial of service vulnerability in HTTP-based CLI |
| CVE-2025-67636 | unknown | — | — | | | | 6mo ago | Jenkins is missing a permission check on password fields |
| CVE-2025-67639 | unknown | — | — | | | | 6mo ago | Jenkins has a CSRF vulnerability on the login form |
| CVE-2025-59476 | unknown | — | — | | | | 9mo ago | Jenkins has a log message injection vulnerability |
| CVE-2025-59474 | unknown | — | — | | | | 9mo ago | Jenkins has a missing permission check, allowing users to obtain agent names |
| CVE-2025-31720 | unknown | — | — | | | | 1y ago | Jenkins Missing Permission Check |
| CVE-2025-31721 | unknown | — | — | | | | 1y ago | Jenkins Missing Permission Check |
| CVE-2025-27624 | unknown | — | — | | | | 1y ago | Jenkins cross-site request forgery (CSRF) vulnerability |
| CVE-2025-27622 | unknown | — | — | | | | 1y ago | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission |
| CVE-2025-27625 | unknown | — | — | | | | 1y ago | Jenkins Open Redirect vulnerability |
| CVE-2025-27623 | unknown | — | — | | | | 1y ago | Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission |
| CVE-2024-47804 | unknown | — | — | | | | 2y ago | Jenkins item creation restriction bypass vulnerability |
| CVE-2024-47803 | unknown | — | — | | | | 2y ago | Jenkins exposes multi-line secrets through error messages |
| CVE-2024-43045 | unknown | — | — | | | | 2y ago | Jenkins does not perform a permission check in an HTTP endpoint |
| CVE-2024-43044 | unknown | — | — | | | | 2y ago | Jenkins Remoting library arbitrary file read vulnerability |
| CVE-2024-23898 | unknown | — | — | | | | 2y ago | Cross-site WebSocket hijacking vulnerability in the Jenkins CLI |
| CVE-2023-43498 | unknown | — | — | | | | 3y ago | Jenkins temporary uploaded file created with insecure permissions |
| CVE-2023-43495 | unknown | — | — | | | | 3y ago | Jenkins Cross-site Scripting vulnerability |
| CVE-2023-43494 | unknown | — | — | | | | 3y ago | Jenkins does not exclude sensitive build variables from search |
| CVE-2023-43496 | unknown | — | — | | | | 3y ago | Jenkins temporary plugin file created with insecure permissions |
| CVE-2023-43497 | unknown | — | — | | | | 3y ago | Jenkins temporary uploaded file created with insecure permissions |
| CVE-2023-39151 | unknown | — | — | | | | 3y ago | Jenkins Stored Cross-site Scripting vulnerability |
| CVE-2023-35141 | unknown | — | — | | | | 3y ago | Jenkins CSRF protection bypass vulnerability |
| CVE-2023-27902 | unknown | — | — | | | | 3y ago | Incorrect Permission Preservation in Jenkins Core |
| CVE-2023-27903 | unknown | — | — | | | | 3y ago | Incorrect Authorization in Jenkins Core |
| CVE-2023-27904 | unknown | — | — | | | | 3y ago | Information disclosure through error stack traces related to agents |
| CVE-2023-27898 | unknown | — | — | | | | 3y ago | Cross-site Scripting vulnerability in Jenkins |
| CVE-2023-27899 | unknown | — | — | | | | 3y ago | Incorrect Authorization in Jenkins Core |
| CVE-2023-27901 | unknown | — | — | | | | 3y ago | Denial of service in Jenkins Core |
| CVE-2023-27900 | unknown | — | — | | | | 3y ago | Denial of service in Jenkins Core |
| CVE-2022-41224 | unknown | — | — | | | | 4y ago | Jenkins vulnerable to stored cross site scripting in the I:helpIcon component |
| CVE-2022-34175 | unknown | — | — | | | | 4y ago | Unauthorized view fragment access in Jenkins |
| CVE-2022-34170 | unknown | — | — | | | | 4y ago | Cross-site Scripting vulnerability in Jenkins |
| CVE-2022-34173 | unknown | — | — | | | | 4y ago | Cross-site Scripting vulnerability in Jenkins |
| CVE-2022-34171 | unknown | — | — | | | | 4y ago | Cross-site Scripting vulnerability in Jenkins |
| CVE-2022-34174 | unknown | — | — | | | | 4y ago | Observable timing discrepancy allows determining username validity in Jenkins |
| CVE-2022-34172 | unknown | — | — | | | | 4y ago | Cross-site Scripting vulnerability in Jenkins |
| CVE-2019-10406 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2019-10404 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2019-10402 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2019-10405 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
| CVE-2019-10401 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2019-10403 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2020-2222 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins 'keep forever' badge icon |
| CVE-2020-2220 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins job build time trend |
| CVE-2020-2221 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins upstream cause |
| CVE-2020-2223 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins console links |
| CVE-2020-2163 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2020-2162 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2020-2161 | unknown | — | — | | | | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins |
| CVE-2020-2160 | unknown | — | — | | | | 4y ago | Cross-Site Request Forgery in Jenkins |
| CVE-2020-2105 | unknown | — | — | | | | 4y ago | Jenkins REST APIs vulnerable to clickjacking |
| CVE-2020-2102 | unknown | — | — | | | | 4y ago | Non-constant time HMAC comparison |
| CVE-2020-2103 | unknown | — | — | | | | 4y ago | Jenkins Diagnostic page exposed session cookies |
| CVE-2020-2101 | unknown | — | — | | | | 4y ago | Non-constant time comparison of inbound TCP agent connection secret |
| CVE-2020-2104 | unknown | — | — | | | | 4y ago | Memory usage graphs accessible to anyone with Overall/Read |
| CVE-2020-2099 | unknown | — | — | | | | 4y ago | Inbound TCP Agent Protocol/3 authentication bypass in Jenkins |
| CVE-2020-2100 | unknown | — | — | | | | 4y ago | Jenkins vulnerable to UDP amplification reflection attack |
| CVE-2015-1811 | unknown | — | — | | | | 4y ago | XML external entity (XXE) vulnerability in Jenkins |
| CVE-2015-1809 | unknown | — | — | | | | 4y ago | XML external entity (XXE) vulnerability in Jenkins |
| CVE-2017-1000503 | unknown | — | — | | | | 4y ago | Race Condition in Jenkins |
| CVE-2018-1999046 | unknown | — | — | | | | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins |
| CVE-2018-1999042 | unknown | — | — | | | | 4y ago | Deserialization of Untrusted Data in Jenkins |