org.apache.livy:livy-assembly (>=0.7.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.7.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-60012 via org.apache.livy:livy-server (>=0.7.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-60012 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15674462...

org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: OSV:GHSA-H84F-4FF9-8HC3...

org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)

org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15520260...

MAL-2023-8470 Malicious code in jest-coverage-report-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0a570942cc8be879311bbb1b601f658554c30fa3734aacac08c1c53289da55bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-XJ29-GFWW-J67G Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. Version 3.3.2.1 escapes clas...

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

org.apache.livy:livy-assembly (=0.7.0-incubating), org.apache.livy:livy-coverage-report (=0.7.0-incubating) +2 more potentially affected by CVE-2021-26544 via org.apache.livy:livy-server (=0.7.0-incubating)

org.apache.livy:livy-server MAVEN version =0.7.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.livy:livy-server and may be impacted: - org.apache.livy:livy-assembly =0.7.0-incubating - org.apache.livy:livy-coverage-report...

PT-2020-15382 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.4 and earlier Description: The issue allows a user who can control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entitie...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier Description: The issue allows attackers who can control the coverage report file contents to overwrite any file on the Jenkins master file system. This is due to an arbitrary file write...

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range o...