44 matches found
ROOT-APP-MAVEN-CVE-2026-39304 CVE-2026-39304 in io.root.org.apache.activemq:activemq-client - Patched by Root
Root has patched CVE-2026-39304 in the io.root.org.apache.activemq:activemq-client package for Root:Maven. Multiple fixed versions available...
com.barchart.jenkins:maven-release-cascade (>=1.1.0 <=1.3.2), com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.8.0 <=2.10.1) potentially affected by CVE-2026-42523 via org.jenkins-ci.plugins:git (>=1.2.0 <=1.3.0)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.1.0, =2.8.0, =2.10.1 Source cves: CVE-2026-42523 Source advisory: OSV:GHSA-W22P-4X9F-486V...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...
EUVD-2022-3866
Malicious code in bioql PyPI...
EUVD-2022-2966
Malicious code in bioql PyPI...
EUVD-2022-3031
Malicious code in bioql PyPI...
EUVD-2022-5446
Malicious code in bioql PyPI...
EUVD-2022-5090
Malicious code in bioql PyPI...
CVE-2019-10359
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...
CVE-2019-10361
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10360
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-36882 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36882 Source advisory: OSV:GHSA-8XWJ-2WGH-GPRH...
GHSA-7MF5-79GV-66GH Jenkins Maven Release Plug-in Plugin XXE vulnerability
Jenkins Maven Release Plug-in Plugin retrieves XML from Nexus repository manager APIs. Maven Release Plug-in Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. While Jenkins users without Overall/Administer permission are not allowed to configu...
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)
org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +771 more potentially affected by CVE-2013-2033 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.509)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =1.0, =1.0, =1.2 - com.cloudbees.jenkins.plugins:cloudbees-credentials =3.3 and more Source cves: CVE-2013-2033 Source advisory: OSV:GHSA-826F-32QM-VM3J...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5317 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5317 Source advisory: OSV:GHSA-8PQX-3RXX-F5PM...
br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-1003011 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.5)
org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-1003011 Source advisory: OSV:GHSA-23H9-M55M-C5JP...
CloudBees Jenkins Maven Release Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Maven Release Plugin is used in one of the...