270 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1884 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)
org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...
CVE-2025-64133
A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...
Jenkins Extensible Choice Parameter Plugin Security Vulnerability
Jenkins Extensible Choice Parameter Plugin is an open source parameter building plugin for Jenkins. A security vulnerability exists in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and prior versions, which stems from vulnerability to a cross-site request forgery attack that could...
PT-2025-44282
Name of the Vulnerable Software and Affected Versions: Jenkins Extensible Choice Parameter Plugin versions 239.v5f5c278708cf and earlier. Description: A cross-site request forgery (CSRF) issue exists in the Jenkins Extensible Choice Parameter Plugin. This allows attackers to execute sandboxed Groovy...
EUVD-2022-3936
Malicious code in bioql PyPI...
EUVD-2022-1418
Malicious code in bioql PyPI...
EUVD-2024-47406
Malicious code in bioql PyPI...
EUVD-2022-2142
Malicious code in bioql PyPI...
EUVD-2022-2970
Malicious code in bioql PyPI...
EUVD-2022-4223
Malicious code in bioql PyPI...
MAL-2025-41294 Malicious code in heft-parameter-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6082dd30329215006112f50c3006a58f4437a48913646c4551e68d48e2d768e7 The OpenSSF Package Analysis project identified 'heft-parameter-plugin' @ 99.0.9 npm as malicious. It is considered malicious because: - The...
CVE-2025-7808
The CVE-2025-7808 issue affects the WP Shopify WordPress plugin prior to version 1.5.4, where an input parameter is not sanitized/escaped before being reflected on the page, enabling a Reflected XSS against high-privilege users (e.g., admins). Multiple sources (Red Hat, patchstack, NVD/NVD-enrich...
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
A new report by VulnCheck exposes a critical command injection flaw CVE-2025-53652 in the Jenkins Git Parameter plugin.…...
CVE-2025-53652
Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...
Improper Validation of Specified Type of Input
Overview: org.jenkins-ci.tools:git-parameter is a git parameter Jenkins plugin. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via insufficient validation of submitted Git parameter values. An attacker can inject arbitrary values into Git...
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Jenkins Git Parameter Plugin implements a choice build parameter that lists the configured Git SCM’s branches, tags, pull requests, and revisions. Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered...