org.jenkins-ci.plugins

1,035 tracked vulnerabilities.

CVE-2026-9674 MEDIUM
Jenkins Multijob Plugin < 662.vd2e0001f6b_b_d - Cross-Site Request Forgery (CSRF)
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48927 MEDIUM
Jenkins Buildgraph-view Plugin < 1.8 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-48926 MEDIUM
Jenkins Job Import Plugin < 143.v044a_2e819b_27 - Improper Privilege Management
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48925 MEDIUM
Jenkins GitHub Integration Plugin < 0.7.3 - Cross-Site Request Forgery (CSRF)
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48924 MEDIUM
Jenkins Bitbucket OAuth Plugin < 0.17 - URL Redirection to Untrusted Site ('Open Redirect')
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48922 HIGH
Jenkins Credentials Binding Plugin < 720.v3f6decef43ea_ - Remote Code Execution
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48920 HIGH
Jenkins Email Extension Plugin < 1933.v45cec755423f - External Control of File Name or Path
May 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48919 MEDIUM
Jenkins Active Directory Plugin < 2.41 - Deserialization of Untrusted Data
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48918 MEDIUM
Jenkins Active Directory Plugin < 2.41 - Server-Side Request Forgery (SSRF)
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48917 MEDIUM
Jenkins LDAP Plugin < 807.v7d7de30930cf - Deserialization of Untrusted Data from LDAP Referrals
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48916 MEDIUM
Jenkins Ldap Plugin < 807.v7d7de30930cf - Server-Side Request Forgery (SSRF)
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-42525 MEDIUM
Jenkins Microsoft Entra ID Plugin <=666.v6060de32f87d - Open Redirect
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42524 HIGH
Jenkins HTML Publisher Plugin < 427 - Stored Cross-Site Scripting in Legacy Wrapper File
Apr 29, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-42523 CRITICAL
Jenkins GitHub Plugin < 1.46.0 - Stored Cross-Site Scripting via GitHub Hook Trigger Validation
Apr 29, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-42522 MEDIUM
Jenkins GitHub Branch Source Plugin <=1967.vdea_d580c1a_b_a_ - Auth Bypass
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42521 MEDIUM
Jenkins Project Jenkins Matrix Authorization Strategy Plugin < 3.2.9 - Information Disclosure
Apr 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42520 HIGH
Jenkins Project Jenkins Credentials Binding Plugin < 719.v80e905ef14eb_ - Remote Code Execution
Apr 29, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42519 MEDIUM
Jenkins Script Security Plugin <=1399.ve6a_66547f6e1 - Info Disclosure
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33004 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33003 MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-67640 MEDIUM
Jenkins Git client Plugin < 6.4.1 - OS Command Injection via Workspace Directory Name
Dec 10, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-64150 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential Capture via URL Connection
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64149 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Cross-Site Request Forgery
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64148 MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential ID Enumeration
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64147 MEDIUM
Jenkins Curseforge Publisher Plugin 1.0 - Sensitive Data Exposure via Unmasked API Keys
Oct 29, 2025
CVSS 4.3
EPSS 0.00