CVEs from 2020

3,795 normalized CVEs published or assigned in this year.

Total

3,795

critical

critical 206

high

high 563

medium

medium 745

low

low 59

% Critical

5.4%

% with KEV

3.8%

% with exploit

5.4%

Top vendors

Top packages

PyPI/tensorflow-cpu 146
PyPI/tensorflow-gpu 146
PyPI/tensorflow 146
Packagist/drupal/core 67
PyPI/salt 64
PyPI/ansible 61
Packagist/magento/community-edition 61
Maven/com.fasterxml.jackson.core:jackson-databind 55

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2020-2176	unknown	—	—	4y ago	XSS vulnerability in Jenkins useMango Runner Plugin
CVE-2020-2174	unknown	—	—	4y ago	Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
CVE-2020-11610	unknown	—	—	4y ago	xdlocalstorage does not verify request origin
CVE-2020-2173	unknown	—	—	4y ago	XSS vulnerability in Jenkins Gatling Plugin
CVE-2020-2172	unknown	—	—	4y ago	XXE vulnerability in Jenkins Code Coverage API Plugin
CVE-2020-10960	unknown	—	—	4y ago	MediaWiki makeCollapsible allows applying event handler to any CSS selector
CVE-2020-7009	unknown	—	—	4y ago	Improper Privilege Management in Elasticsearch
CVE-2020-7599	unknown	—	—	4y ago	Exposure of Sensitive Information in Gradle publish plugin
CVE-2020-2169	unknown	—	—	4y ago	Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
CVE-2020-2171	unknown	—	—	4y ago	XXE vulnerability in Jenkins RapidDeploy Plugin
CVE-2020-2168	unknown	—	—	4y ago	RCE vulnerability in Jenkins Azure Container Service Plugin
CVE-2020-2167	unknown	—	—	4y ago	RCE vulnerability in Jenkins OpenShift Pipeline Plugin
CVE-2020-2162	unknown	—	—	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2165	unknown	—	—	4y ago	Passwords transmitted in plain text by Jenkins Artifactory Plugin
CVE-2020-2170	unknown	—	—	4y ago	Stored XSS vulnerability in Jenkins RapidDeploy Plugin
CVE-2020-2166	unknown	—	—	4y ago	RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
CVE-2020-2163	unknown	—	—	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2161	unknown	—	—	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2164	unknown	—	—	4y ago	Passwords stored in plain text by Jenkins Artifactory Plugin
CVE-2020-2160	unknown	—	—	4y ago	Cross-Site Request Forgery in Jenkins
CVE-2020-10793	unknown	—	—	4y ago	CodeIgniter Improper Privilege Management
CVE-2020-10804	unknown	—	—	4y ago	In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/Use…
CVE-2020-10806	unknown	—	—	4y ago	eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
CVE-2020-10803	unknown	—	—	4y ago	In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results…
CVE-2020-10802	unknown	—	—	4y ago	In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search act…
CVE-2020-9471	unknown	—	—	4y ago	Umbraco CMS Authenticated File Upload
CVE-2020-8141	unknown	—	—	4y ago	The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
CVE-2020-9543	unknown	—	—	4y ago	OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attack…
CVE-2020-0811	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-0812	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-5203	unknown	—	—	4y ago	Fat-Free Framework arbitrary code execution
CVE-2020-2157	unknown	—	—	4y ago	Credentials transmitted in plain text by Skytap Cloud CI Plugin
CVE-2020-2159	unknown	—	—	4y ago	OS command injection in CryptoMove Plugin
CVE-2020-2158	unknown	—	—	4y ago	Remote Code Execution vulnerability in Jenkins Literate Plugin
CVE-2020-2156	unknown	—	—	4y ago	Credentials transmitted in plain text by Jenkins DeployHub Plugin
CVE-2020-2153	unknown	—	—	4y ago	Credentials transmitted in plain text by Backlog Plugin
CVE-2020-2152	unknown	—	—	4y ago	Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)
CVE-2020-2148	unknown	—	—	4y ago	Missing permission checks in Mac Plugin
CVE-2020-2146	unknown	—	—	4y ago	Missing SSH host key validation in Mac Plugin
CVE-2020-2155	unknown	—	—	4y ago	Credentials transmitted in plain text by OpenShift Deployer Plugin
CVE-2020-2154	unknown	—	—	4y ago	Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
CVE-2020-2151	unknown	—	—	4y ago	Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
CVE-2020-2144	unknown	—	—	4y ago	XXE vulnerability in Rundeck Plugin
CVE-2020-2143	unknown	—	—	4y ago	Credentials transmitted in plain text by Jenkins Logstash Plugin
CVE-2020-2138	unknown	—	—	4y ago	XXE vulnerability in Jenkins Cobertura Plugin
CVE-2020-2147	unknown	—	—	4y ago	CSRF vulnerability in Mac Plugin
CVE-2020-2141	unknown	—	—	4y ago	CSRF vulnerability in Jenkins P4 Plugin
CVE-2020-2142	unknown	—	—	4y ago	Missing permission checks in Jenkins P4 Plugin
CVE-2020-2150	unknown	—	—	4y ago	Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
CVE-2020-2149	unknown	—	—	4y ago	Credentials transmitted in plain text by Repository Connector Plugin
CVE-2020-2145	unknown	—	—	4y ago	Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
CVE-2020-2134	unknown	—	—	4y ago	Sandbox bypass vulnerability in Script Security Plugin
CVE-2020-2137	unknown	—	—	4y ago	Stored XSS vulnerability in Jenkins Timestamper Plugin
CVE-2020-2139	unknown	—	—	4y ago	Arbitrary file write vulnerability in Jenkins Cobertura Plugin
CVE-2020-2135	unknown	—	—	4y ago	Sandbox bypass vulnerability in Script Security Plugin
CVE-2020-2136	unknown	—	—	4y ago	Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
CVE-2020-2140	unknown	—	—	4y ago	XSS vulnerability in Jenkins Audit Trail Plugin
CVE-2020-10236	unknown	—	—	4y ago	Froxlor Information Disclosure
CVE-2020-10235	unknown	—	—	4y ago	Froxlor arbitrary code execution via the database configuration options
CVE-2020-10237	unknown	—	—	4y ago	Froxlor Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9757	unknown	—	—	4y ago	SEOmatic for CraftCMS allows Server-Side Template Injection
CVE-2020-5188	unknown	—	—	4y ago	DNN File Upload Vulnerability
CVE-2020-5187	unknown	—	—	4y ago	DNN Path Traversal via Zip Slip
CVE-2020-5186	unknown	—	—	4y ago	DNN XSS Vulnerability
CVE-2020-8441	unknown	—	—	4y ago	Deserialization of Untrusted Data in JYaml
CVE-2020-9016	unknown	—	—	4y ago	Dolibarr ERP and CRM contain XSS Vulnerability
CVE-2020-2133	unknown	—	—	4y ago	Password stored in plain text by Applatix Plugin
CVE-2020-2131	unknown	—	—	4y ago	Passwords stored in plain text by Harvest SCM Plugin
CVE-2020-2130	unknown	—	—	4y ago	Passwords stored in plain text by Harvest SCM Plugin
CVE-2020-2123	unknown	—	—	4y ago	RCE vulnerability in RadarGun Plugin
CVE-2020-2124	unknown	—	—	4y ago	Password stored in plain text by Dynamic Extended Choice Parameter Plugin
CVE-2020-2120	unknown	—	—	4y ago	XXE vulnerability in FitNesse Plugin
CVE-2020-2122	unknown	—	—	4y ago	Stored XSS vulnerability in Jenkins brakeman Plugin
CVE-2020-2126	unknown	—	—	4y ago	Token stored in plain text by DigitalOcean Plugin
CVE-2020-2132	unknown	—	—	4y ago	Password stored in plain text by Parasoft Environment Manager Plugin
CVE-2020-2125	unknown	—	—	4y ago	Credentials stored in plain text by debian-package-builder Plugin
CVE-2020-2127	unknown	—	—	4y ago	Credential stored in plain text by BMC Release Package and Deployment Plugin
CVE-2020-2121	unknown	—	—	4y ago	RCE vulnerability in Google Kubernetes Engine Plugin
CVE-2020-2128	unknown	—	—	4y ago	Password stored in plain text by ECX Copy Data Management Plugin
CVE-2020-2129	unknown	—	—	4y ago	Plaintext Storage of a Password in Jenkins Eagle Tester Plugin
CVE-2020-2112	unknown	—	—	4y ago	Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)
CVE-2020-2116	unknown	—	—	4y ago	CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
CVE-2020-2115	unknown	—	—	4y ago	XXE vulnerability in NUnit Plugin
CVE-2020-2117	unknown	—	—	4y ago	Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials
CVE-2020-2111	unknown	—	—	4y ago	Subversion Plugin stored XSS vulnerability
CVE-2020-2119	unknown	—	—	4y ago	Client secret transmitted in plain text by Azure AD Plugin
CVE-2020-2109	unknown	—	—	4y ago	Improper Input Validation in Jenkins Pipeline: Groovy Plugin
CVE-2020-2113	unknown	—	—	4y ago	Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)
CVE-2020-2114	unknown	—	—	4y ago	Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
CVE-2020-2118	unknown	—	—	4y ago	Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin
CVE-2020-2110	unknown	—	—	4y ago	Improper Input Validation in Jenkins Script Security Plugin
CVE-2020-0767	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-0712	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-0710	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-0713	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-0711	unknown	—	—	4y ago	ChakraCore RCE Vulnerability
CVE-2020-3719	unknown	—	—	4y ago	Magento sql injection vulnerability
CVE-2020-3758	unknown	—	—	4y ago	Magento stored cross-site scripting vulnerability
CVE-2020-3717	unknown	—	—	4y ago	Magento Path Traversal
CVE-2020-3715	unknown	—	—	4y ago	Magento stored cross-site scripting vulnerability

CVEs from 2020

Top vendors

Top products

Top packages