maven

org.jenkins-ci.main:jenkins-core

100 Total advisories
100 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 8.0
Maven

CVE-2026-53441

Jenkins: Stored XSS vulnerability in node offline cause description

HIGH 8.8
Maven

CVE-2026-33001

Jenkins has a link following vulnerability that allows arbitrary file creation

HIGH 7.5
Maven

CVE-2026-33002

Jenkins has a DNS rebinding vulnerability in WebSocket CLI origin validation

MEDIUM 4.3
Maven

CVE-2026-27100

Jenkins has a build information disclosure vulnerability through Run Parameter

HIGH 8.0
Maven

CVE-2026-27099

Jenkins has a stored XSS vulnerability in node offline cause description

MEDIUM 5.3
Maven

CVE-2025-59476

Jenkins has a log message injection vulnerability

MEDIUM 4.3
Maven

CVE-2025-67638

Jenkins's build authorization token is stored and displayed in plain text

LOW 3.5
Maven

CVE-2025-67639

Jenkins has a CSRF vulnerability on the login form

LOW 3.6
Maven

CVE-2023-27903

Incorrect Authorization in Jenkins Core

MEDIUM 4.3
Maven

CVE-2024-47803

Jenkins exposes multi-line secrets through error messages

MEDIUM 4.3
Maven

CVE-2024-47804

Jenkins item creation restriction bypass vulnerability

HIGH 8.8
Maven

CVE-2023-27898

Cross-site Scripting vulnerability in Jenkins

MEDIUM 4.3
Maven

CVE-2025-27622

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

MEDIUM 5.4
Maven

CVE-2025-27624

Jenkins cross-site request forgery (CSRF) vulnerability

MEDIUM 5.3
Maven

CVE-2025-59474

Jenkins has a missing permission check, allowing users to obtain agent names

HIGH 8.8
Maven

CVE-2024-23898

Cross-site WebSocket hijacking vulnerability in the Jenkins CLI

MEDIUM 4.3
Maven

CVE-2025-67637

Jenkins's build authorization token is stored and displayed in plain text

MEDIUM 4.3
Maven

CVE-2025-67636

Jenkins is missing a permission check on password fields

MEDIUM 4.3
Maven

CVE-2025-31720

Jenkins Missing Permission Check

CRITICAL 9.8
Maven KEV

CVE-2024-23897

Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE

HIGH 7.5
Maven

CVE-2025-67635

Jenkins has a Denial of service vulnerability in HTTP-based CLI

MEDIUM 4.3
Maven

CVE-2025-27623

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

CRITICAL 9.0
Maven

CVE-2024-43044

Jenkins Remoting library arbitrary file read vulnerability

LOW 3.1
Maven

CVE-2023-27904

Information disclosure through error stack traces related to agents

MEDIUM 5.4
Maven

CVE-2024-43045

Jenkins does not perform a permission check in an HTTP endpoint

HIGH 7.0
Maven

CVE-2023-27899

Incorrect Authorization in Jenkins Core

MEDIUM 4.3
Maven

CVE-2023-27902

Incorrect Permission Preservation in Jenkins Core

MEDIUM 4.3
Maven

CVE-2025-59475

Jenkins is missing a permission check in the authenticated users' profile menu

MEDIUM 4.3
Maven

CVE-2025-31721

Jenkins Missing Permission Check

MEDIUM 4.3
Maven

CVE-2025-27625

Jenkins Open Redirect vulnerability

HIGH 7.5
Maven KEV

CVE-2015-5317

Jenkins discloses project names via fingerprints

CRITICAL 9.8
Maven KEV

CVE-2017-1000353

Deserialization of Untrusted Data in Jenkins

CRITICAL 9.8
Maven KEV

CVE-2018-1000861

Deserialization of Untrusted Data in Jenkins

HIGH 7.0
Maven

CVE-2023-43496

Jenkins temporary plugin file created with insecure permissions

UNKNOWN
Maven

CVE-2014-3662

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability

UNKNOWN
Maven

CVE-2014-3681

Jenkins Cross-site Scripting vulnerability

UNKNOWN
Maven

CVE-2014-3680

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability

UNKNOWN
Maven

CVE-2014-3664

Jenkins Path Traversal vulnerability

MEDIUM 6.5
Maven

CVE-2016-3724

Jenkins Exposes Sensitive Information from Job Configuration

MEDIUM 6.1
Maven

CVE-2016-0789

Jenkins has CRLF Injection Vulnerability in the CLI

CRITICAL 9.8
Maven

CVE-2016-0788

Jenkins allows Execution of Code by Opening a JRMP Listener

UNKNOWN
Maven

CVE-2015-1814

Jenkins allows for Privilege Escalation by Remote Authenticated Users

UNKNOWN
Maven

CVE-2015-1813

Jenkins allows Cross-Site Scripting (XSS)

UNKNOWN
Maven

CVE-2015-1810

Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation

UNKNOWN
Maven

CVE-2015-1808

Jenkins Vulnerable to Denial of Service (DoS)

UNKNOWN
Maven

CVE-2015-1806

Jenkins allows for Privilege Escalation by Remote Authenticated Users

UNKNOWN
Maven

CVE-2014-3667

Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code

UNKNOWN
Maven

CVE-2014-3666

Jenkins allows for Code Execution via Crafted Packet to the CLI

UNKNOWN
Maven

CVE-2014-2063

Jenkins Vulnerable to Clickjacking

UNKNOWN
Maven

CVE-2014-2060

Jenkins allows Remote Attackers to Hijack Sessions

UNKNOWN
Maven

CVE-2013-5573

Jenkins allows Cross-Site Scripting (XSS) in User Configuration

UNKNOWN
Maven

CVE-2011-4344

Jenkins allows Cross-Site Scripting (XSS)

HIGH 8.8
Maven

CVE-2016-0792

Jenkins allows Deserialization of Untrusted Data via an XML File

HIGH 7.5
Maven

CVE-2015-7539

Jenkins does not Verify Checksums for Plugin Files

MEDIUM 4.3
Maven

CVE-2016-3727

Jenkins Exposes Sensitive Information via API URL

HIGH 7.4
Maven

CVE-2016-3726

Jenkins affected by Open Redirect Vulnerability

MEDIUM 6.5
Maven

CVE-2016-3721

Jenkins allows Remote Users to Inject Build Parameters

HIGH 8.8
Maven

CVE-2015-7538

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

HIGH 8.8
Maven

CVE-2015-7537

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

UNKNOWN
Maven

CVE-2015-5326

Jenkins allows Cross-Site Scripting (XSS)

UNKNOWN
Maven

CVE-2015-5325

Jenkins allows Bypass of Access Restrictions

UNKNOWN
Maven

CVE-2015-5324

Jenkins allows Unauthorized Viewing of Queue API Information

UNKNOWN
Maven

CVE-2015-5323

Jenkins allows Administrators to Access API Tokens

UNKNOWN
Maven

CVE-2015-5322

Jenkins has Local File Inclusion Vulnerability

UNKNOWN
Maven

CVE-2015-5321

Jenkins has Information Disclosure via Sidepanel Widget

UNKNOWN
Maven

CVE-2015-5320

Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor

UNKNOWN
Maven

CVE-2015-5319

Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

UNKNOWN
Maven

CVE-2015-5318

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

UNKNOWN
Maven

CVE-2013-0331

Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload

UNKNOWN
Maven

CVE-2013-0330

Jenkins allows Remote Users to Build Arbitrary Jobs

UNKNOWN
Maven

CVE-2012-6074

Jenkins allows Cross-Site Scripting (XSS)

UNKNOWN
Maven

CVE-2012-6073

Jenkins affected by Open Redirect Vulnerability

UNKNOWN
Maven

CVE-2012-6072

Jenkins allows HTTP Injection and Response Splitting

UNKNOWN
Maven

CVE-2012-0325

Jenkins allows Cross-Site Scripting (XSS)

MEDIUM 6.1
Maven

CVE-2012-4439

Jenkins allows Cross-Site Scripting (XSS) via Crafted URL

HIGH 8.8
Maven

CVE-2012-4438

Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access

UNKNOWN
Maven

CVE-2012-0324

Jenkins allows Cross-Site Scripting (XSS)

UNKNOWN
Maven

CVE-2014-3665

Jenkins improperly ensures trust separation

MEDIUM 5.3
Maven

CVE-2014-9634

Jenkins secure flag not set on session cookies

UNKNOWN
Maven

CVE-2013-0328

Jenkins subject to Cross-site Scripting

HIGH 7.5
Maven

CVE-2015-1811

XML external entity (XXE) vulnerability in Jenkins

MEDIUM 5.3
Maven

CVE-2014-9635

Jenkins HttpOnly flag not Set for session cookies

UNKNOWN
Maven

CVE-2013-2034

Jenkins Cross-Site Request Forgery vulnerabilities

UNKNOWN
Maven

CVE-2013-2033

Jenkins vulnerable to Cross-site Scripting

UNKNOWN
Maven

CVE-2013-7330

Jenkins allows attackers to configure restricted projects

UNKNOWN
Maven

CVE-2014-3661

Jenkins Denial of Service vulnerability

UNKNOWN
Maven

CVE-2014-3663

Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs

UNKNOWN
Maven

CVE-2014-2068

Jenkins allows attackers to obtain sensitive information

UNKNOWN
Maven

CVE-2014-2066

Jenkins session fixation vulnerability

UNKNOWN
Maven

CVE-2013-0327

Jenkins Cross-Site Request Forgery vulnerability

UNKNOWN
Maven

CVE-2014-2067

Jenkins cross-site scripting (XSS) vulnerability

UNKNOWN
Maven

CVE-2014-2062

Jenkins does not invalidate the API token when a user is deleted

UNKNOWN
Maven

CVE-2014-2065

Jenkins cross-site scripting (XSS) vulnerability

UNKNOWN
Maven

CVE-2014-2059

Jenkins directory traversal vulnerability

UNKNOWN
Maven

CVE-2013-0158

Jenkins allows attackers to obtain the master cryptographic key

UNKNOWN
Maven

CVE-2014-2064

Jenkins allows attackers to determine whether a user exists

UNKNOWN
Maven

CVE-2013-0329

Jenkins Cross-Site Request Forgery vulnerability

UNKNOWN
Maven

CVE-2014-2058

Jenkins allows attackers to execute arbitrary jobs

HIGH 7.5
Maven

CVE-2012-0785

Hash collision attack vulnerability in Jenkins

UNKNOWN
Maven

CVE-2014-2061

Jenkins allows attackers to obtain passwords by reading the HTML source code
