CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

Malicious code in @posthog/github-release-tracking-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb87af9bbf0349dfcf64e3a477f69780fd16d5d4d8e0269f263dc25214fd2f00 The package @posthog/github-release-tracking-plugin was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190880 Malicious code in @posthog/github-release-tracking-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb87af9bbf0349dfcf64e3a477f69780fd16d5d4d8e0269f263dc25214fd2f00 The package @posthog/github-release-tracking-plugin was found to contain malicious code. Source: ghsa-malware...

EUVD-2022-6345

Malicious code in bioql PyPI...

EUVD-2022-2966

Malicious code in bioql PyPI...

EUVD-2022-5382

Malicious code in bioql PyPI...

EUVD-2022-5446

Malicious code in bioql PyPI...

EUVD-2022-5090

Malicious code in bioql PyPI...

EUVD-2022-4258

Malicious code in bioql PyPI...

EUVD-2022-3866

Malicious code in bioql PyPI...

EUVD-2022-3031

Malicious code in bioql PyPI...

EUVD-2022-5564

Malicious code in bioql PyPI...

CVE-2020-2292

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

CVE-2019-10359

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...

CVE-2019-10361

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...

CVE-2019-10360

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

SUSE CVE-2018-1000013

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...

Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...

Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs

XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...