15 matches found
ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.27.0), com.jpinpoint.sonar:sonar-pmd-jpinpoint (>=2.0.0 <=2.1.1) +116 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=7.0.0-rc1 <=7.21.0)
net.sourceforge.pmd:pmd-core MAVEN version =7.0.0-rc1, =1.6.0, =2.0.0, =0.25.1, =0.25.1, =1.0.0, =0.5.6, =0.5.41, =12.2.0, =3.31.0, =0.7.0, =0.67.2, =0.67.2, =2.0.0, =0.1.0, =0.1.19 and more Source cves: CVE-2026-28338 Source advisory: SNYK:JAVA-NETSOURCEFORGEPMD-15365925...
org.elasticsearch.test:framework (>=8.19.0 <=8.19.15), org.elasticsearch.test:yaml-rest-runner (>=8.19.0 <=8.19.15) +1 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.19.0 <=8.19.4)
org.elasticsearch:elasticsearch MAVEN version =8.19.0, =8.19.0, =8.19.0, =8.19.2, =8.19.4 Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...
EUVD-2022-4694
Malicious code in bioql PyPI...
ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.6.1), net.sourceforge.pmd:pmd-cli (>=7.0.0 <=7.1.0) +1 more potentially affected by CVE-2025-23215 via net.sourceforge.pmd:pmd-designer (=7.0.0)
net.sourceforge.pmd:pmd-designer MAVEN version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on net.sourceforge.pmd:pmd-designer and may be impacted: - ch.acanda.maven:code-analysis-maven-plugin =1.6.0, =7.0.0, =7.0.0, =7.1.0 Source cves:...
ch.acanda.maven:code-analysis-maven-plugin (>=0.1.0 <=1.6.1), com.eventoframework:evento-cli (>=ev1.4.1 <=ev1.15.1) +105 more potentially affected by CVE-2025-23215 via net.sourceforge.pmd:pmd-core (>=6.21.0 <=7.0.0)
net.sourceforge.pmd:pmd-core MAVEN version =6.21.0, =0.1.0, =ev1.4.1, =ev1.4.1, =2.17.0, =1.1.0, =1.0.2, =1.2.0, =0.18, =0.18, =0.18, =2.10.2, =2.6.1, =2.19.0 and more Source cves: CVE-2025-23215 Source advisory: OSV:GHSA-88M4-H43F-WX84...
SUSE CVE-2020-2247
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
[SECURITY] Fedora 37 Update: sonic-visualiser-4.5-3.fc37
Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...
[SECURITY] Fedora 36 Update: sonic-visualiser-4.5-2.fc36
Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...
XXE vulnerability in Jenkins Klocwork Analysis Plugin
Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets...
GHSA-P6C5-737R-2R93 XXE vulnerability in Jenkins Klocwork Analysis Plugin
Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows a user able to control the input files for the Klocwork plugin parser to have Jenkins parse a crafted file that uses external entities for extraction of secrets...
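The Klocwork Analysis Plugin entries above all describe one root cause: a JAXP parser created with its default settings, which honours DOCTYPE declarations and resolves external entities, so a crafted report file can pull files off the Jenkins controller into the parsed document. The Java class below is an added illustration, not code from the plugin or from any of the advisories listed here. It embeds a constructed report file (not a real Klocwork report) whose external entity points at /etc/hostname as a stand-in for the secrets the advisory mentions, then parses it once with a default DocumentBuilderFactory and once with a factory configured per the standard JAXP hardening (disallow DOCTYPE, disable external general and parameter entities and external DTD loading). The class and method names are invented for the example.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeReportParserDemo {

    // Constructed sample input for this example: a report whose external
    // entity makes a permissive parser read /etc/hostname from the host that
    // runs the parse (the Jenkins controller, in the plugin's case) and
    // splice the file's contents into the <message> element.
    static final String CRAFTED_REPORT =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE report [\n"
        + "  <!ENTITY secret SYSTEM \"file:///etc/hostname\">\n"
        + "]>\n"
        + "<report><message>&secret;</message></report>\n";

    // Weak setup: the factory defaults accept DOCTYPE and resolve external
    // entities, which is the misconfiguration the advisory describes.
    static DocumentBuilder defaultParser() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened setup: reject DOCTYPE outright, and additionally switch off
    // every entity and DTD resolution path in case a future change re-enables
    // DOCTYPE for some legitimate input.
    static DocumentBuilder hardenedParser() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // Block any remaining external DTD/schema fetches (JAXP 1.5+).
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Parse the report and return the text of its first <message> element,
    // mimicking what a report-importing plugin would do with the document.
    static String messageText(DocumentBuilder builder, String xml)
            throws SAXException, IOException {
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement()
                  .getElementsByTagName("message").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // With the default factory the entity is resolved: the printed message
        // is the contents of /etc/hostname (or an IOException if the file is
        // absent, which still proves the parser tried to open it).
        try {
            System.out.println("default parser: " + messageText(defaultParser(), CRAFTED_REPORT));
        } catch (IOException e) {
            System.out.println("default parser tried to read the file: " + e);
        }

        // With the hardened factory the DOCTYPE itself is rejected before any
        // entity can be declared, so the parse fails closed.
        try {
            messageText(hardenedParser(), CRAFTED_REPORT);
            System.out.println("hardened parser: unexpectedly accepted DOCTYPE");
        } catch (SAXException e) {
            System.out.println("hardened parser rejected input: " + e.getMessage());
        }
    }
}
```

The same feature URIs apply to SAXParserFactory and to XMLInputFactory (as properties), so the check a reviewer should make on a report-importing plugin is simply whether every parser factory it creates sets `disallow-doctype-decl` before parsing user-supplied files.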
Bn-Uefi-Helper - Helper Plugin For Analyzing UEFI Firmware
Helper plugin for analyzing UEFI firmware. This plugin contains the following features: apply the correct prototype to the entry point function; fix segments so all segments are RWX and have the correct semantics (this allows global function pointers to be rendered correctly); apply types for cor...
CVE-2020-2247
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2247
CVE-2020-2247 affects the Jenkins Klocwork Analysis Plugin, where versions 2020.2.1 and earlier do not configure their XML parser to prevent XML external entity (XXE) attacks. This security gap could allow crafted input files to trigger XXE processing on the Jenkins server. The Connected document...
PT-2019-11710 · Jenkins · Jenkins Static Analysis Utilities Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Static Analysis Utilities Plugin versions 1.95 and earlier Description: A missing permission check in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job...
[SECURITY] Fedora 13 Update: sonic-visualiser-1.7.2-1.fc13
Sonic Visualiser is an application for viewing and analysing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when you want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...