com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +48 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)

org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...

CVE-2019-11350

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page...

CVE-2022-27198

A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

Cross-site Scripting (XSS)

org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of server responses, which allows an attacker to inject malicious scripts that execute in the context of users viewing the affected content...

EUVD-2019-3029

Malware in sbrugna...

EUVD-2023-2769

Malicious code in bioql PyPI...

EUVD-2022-4091

Malicious code in bioql PyPI...

EUVD-2023-2710

Malicious code in bioql PyPI...

EUVD-2022-4967

Malicious code in bioql PyPI...

EUVD-2022-4826

Malicious code in bioql PyPI...

EUVD-2022-3060

Malicious code in bioql PyPI...

EUVD-2022-4452

Malicious code in bioql PyPI...

EUVD-2022-4982

Malicious code in bioql PyPI...

EUVD-2022-3497

Malicious code in bioql PyPI...

EUVD-2025-14881

Malicious code in bioql PyPI...

CVE-2021-21647

Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...

CVE-2020-2094

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient...

CVE-2020-2093

A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient...

CVE-2025-47885

Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...

GHSA-XRPQ-4G9W-QRWJ Jenkins Health Advisor by CloudBees Plugin Vulnerable to Cross-Site Scripting

Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...