org.jenkins-ci.plugins
1,035 tracked vulnerabilities.
CVE-2026-9674
MEDIUM
Jenkins Multijob Plugin < 662.vd2e0001f6b_b_d - Cross-Site Request Forgery (CSRF)
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48927
MEDIUM
Jenkins Buildgraph-view Plugin < 1.8 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 27, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-48926
MEDIUM
Jenkins Job Import Plugin < 143.v044a_2e819b_27 - Improper Privilege Management
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48925
MEDIUM
Jenkins GitHub Integration Plugin < 0.7.3 - Cross-Site Request Forgery (CSRF)
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48924
MEDIUM
Jenkins Bitbucket OAuth Plugin < 0.17 - URL Redirection to Untrusted Site ('Open Redirect')
May 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-48922
HIGH
Jenkins Credentials Binding Plugin < 720.v3f6decef43ea_ - Remote Code Execution
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-48920
HIGH
Jenkins Email Extension Plugin < 1933.v45cec755423f - External Control of File Name or Path
May 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48919
MEDIUM
Jenkins Active Directory Plugin < 2.41 - Deserialization of Untrusted Data
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48918
MEDIUM
Jenkins Active Directory Plugin < 2.41 - Server-Side Request Forgery (SSRF)
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48917
MEDIUM
Jenkins LDAP Plugin < 807.v7d7de30930cf - Deserialization of Untrusted Data from LDAP Referrals
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-48916
MEDIUM
Jenkins Ldap Plugin < 807.v7d7de30930cf - Server-Side Request Forgery (SSRF)
May 27, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-42525
MEDIUM
Jenkins Microsoft Entra ID Plugin <=666.v6060de32f87d - Open Redirect
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42524
HIGH
Jenkins HTML Publisher Plugin < 427 - Stored Cross-Site Scripting in Legacy Wrapper File
Apr 29, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-42523
CRITICAL
Jenkins GitHub Plugin < 1.46.0 - Stored Cross-Site Scripting via GitHub Hook Trigger Validation
Apr 29, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-42522
MEDIUM
Jenkins GitHub Branch Source Plugin <=1967.vdea_d580c1a_b_a_ - Auth Bypass
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-42521
MEDIUM
Jenkins Project Jenkins Matrix Authorization Strategy Plugin < 3.2.9 - Information Disclosure
Apr 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42520
HIGH
Jenkins Project Jenkins Credentials Binding Plugin < 719.v80e905ef14eb_ - Remote Code Execution
Apr 29, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42519
MEDIUM
Jenkins Script Security Plugin <=1399.ve6a_66547f6e1 - Info Disclosure
Apr 29, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33004
MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33003
MEDIUM
Jenkins LoadNinja Plugin <=2.1 - Info Disclosure
Mar 18, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-67640
MEDIUM
Jenkins Git client Plugin < 6.4.1 - OS Command Injection via Workspace Directory Name
Dec 10, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-64150
MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential Capture via URL Connection
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64149
MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Cross-Site Request Forgery
Oct 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64148
MEDIUM
Jenkins Publish to Bitbucket Plugin < 0.4 - Missing Authorization for Credential ID Enumeration
Oct 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64147
MEDIUM
Jenkins Curseforge Publisher Plugin 1.0 - Sensitive Data Exposure via Unmasked API Keys
Oct 29, 2025
CVSS 4.3
EPSS 0.00
Products
script-security 35
git 13
email-ext 12
active-directory 11
config-file-provider 9
electricflow 9
credentials-binding 8
ec2 8
oic-auth 8
subversion 8
artifactory 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5
Quick Filters