Security Deep Dive
Jenkins
Security posture and CVE patch evidence from tracked releases.
5 actively-exploited dependency CVEs affects jenkins-2.565.
KEV-listed CVEs are confirmed exploited in the wild — patch urgently.
Versions by Severity
CVEs are attributed to tracked releases published before the patch release.
| Version | Published | C | H | M | L | KEV | Notes |
|---|---|---|---|---|---|---|---|
| jenkins-2.565 | 2026-05-20 | — | — | — | — | — |
Latest
|
| jenkins-2.555.2 | 2026-05-13 | — | — | — | — | — |
—
|
| jenkins-2.564 | 2026-05-12 | — | — | — | — | — |
Patches
CVE-2015-5317
Patches
CVE-2017-1000353
Patches
CVE-2018-1000861
Patches
CVE-2021-39144
Patches
CVE-2024-23897
|
| jenkins-2.563 | 2026-05-05 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.562 | 2026-04-28 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.561 | 2026-04-21 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.560 | 2026-04-21 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.555.1 | 2026-04-15 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.559 | 2026-04-14 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.558 | 2026-04-07 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.557 | 2026-03-31 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.556 | 2026-03-24 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.555 | 2026-03-18 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.541.3 | 2026-03-18 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.554 | 2026-03-10 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.553 | 2026-03-03 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.552 | 2026-02-24 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.551 | 2026-02-18 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.541.2 | 2026-02-18 | 3 | 2 | — | — | KEV 5 |
—
|
| jenkins-2.550 | 2026-02-10 | 3 | 2 | — | — | KEV 5 |
—
|
— Signed
— SLSA
— SBOM
✗ Security policy
Weekly cadence · 6d median
Active maintainer
Trust Signals — 2 of 9 Present
Evidence already collected from releases and repository metadata.
2/9
Present
Signed releases
Unknown
Latest release artifact signature
Latest release
—
SLSA provenance
Unknown
Attestation predicate level
Latest release
—
SBOM published
Unknown
GitHub SBOM API
Latest release
—
SECURITY.md
Absent
GitHub repository metadata
Repository policy
Checked: 22d ago
Release cadence: weekly
Present
6d median over recent releases
Release history
Latest release: 14d ago
Maintainer active
Present
Recent commit activity
Repository
Last commit: 1d ago
Checksums (SHA256SUMS)
Not active yet
SHA256SUMS or equivalent
Release asset
Latest release: 14d ago
GitHub Actions attestation
Not active yet
actions/attest-build-provenance
Workflow file
Latest release: 14d ago
Signing assets
Not active yet
.sig, .crt, cosign.pub, or similar
Release asset
Latest release: 14d ago
0.7/10
Security Score
5.5/10
Scorecard
Dependency Exposure
320 transitive dependency
CVEs found in the latest SBOM.
27 critical.
Security Score
A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.
epss
0.00 / 0.5
Max EPSS 0.945
freshness
1.00 / 1.0
1d stale
scorecard
2.20 / 4.0
Score 5.5/10
cve health
0.00 / 2.5
⚠ No direct scan — 27c/95h transitive CVEs
patch speed
0.50 / 0.5
⚠ Estimated — no CVE patch history
kev exposure
-1.50 / 1.5
KEV exposure detected
supply chain risk
-1.50 / 10.0
Risk 100.0/100
Score breakdown
schema v2Vulnerability posture
vulnerability posture
0.0
25%
direct cves: clear
cve scan: estimated
Release responsiveness
release responsiveness
10.0
5%
patch speed days: no_history
Dependency exposure
dependency exposure
0.0
10%
supply chain risk: 100.0
transitive cves: 27c/95h
Provenance trust
provenance trust
5.5
40%
scorecard score: 5.5
openssf badge: none
Maintainer health
maintainer health
10.0
10%
activity freshness: 1d
Operational risk
operational risk
0.0
10%
kev exposure: detected
epss max: 0.945
How is this calculated?
The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.
Supply Chain Risk
Risk 100.0/100
27
Transitive critical CVEs
5
KEV-transitive CVEs
74%
Dependency freshness
Scorecard
Scorecard 5.5/10OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.
| Check | Score | Reason |
|---|---|---|
| Maintained | 10 | 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | 5 | Found 7/12 approved changesets -- score normalized to 5 |
| Packaging | -1 | packaging workflow not detected |
| Token-Permissions | 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | 5 | badge detected: Passing |
| License | 10 | license file detected |
| Fuzzing | 0 | project is not fuzzed |
| Security-Policy | 10 | security policy file detected |
| Signed-Releases | 0 | Project has not signed or included provenance with any releases. |
| Binary-Artifacts | 10 | no binaries found in the repo |
| Pinned-Dependencies | 9 | dependency not pinned by hash detected -- score normalized to 9 |
| Branch-Protection | 3 | branch protection is not maximal on development and all release branches |
| SAST | 0 | SAST tool is not run on all commits -- score normalized to 0 |
CVE Patch History
Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.
CVEs Patched by Year
Critical
High
Medium
Low
2026
5
| CVE | Severity | EPSS | Disclosed | Fixed in | Days to fix | vs Ecosystem Median | KEV |
|---|---|---|---|---|---|---|---|
| CVE-2015-5317 | HIGH | 97%ile | — | jenkins-2.564 | — | — | KEV |
| CVE-2017-1000353 | CRITICAL | 99%ile | — | jenkins-2.564 | — | — | KEV |
| CVE-2018-1000861 | CRITICAL | 100%ile | — | jenkins-2.564 | — | — | KEV |
| CVE-2021-39144 | HIGH | 99%ile | — | jenkins-2.564 | — | — | KEV |
| CVE-2024-23897 | CRITICAL | 99%ile | — | jenkins-2.564 | — | — | KEV |
KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.
Dependency Vulnerabilities
889 dependencies scanned
View full dependency list →
Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.
Critical
27
High
95
Medium
176
Low
22
Unknown
0
5 dependency vulnerabilities are in KEV.
CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.
Critical
27
High
95
Medium
176
Low
22
| CVE | Severity | KEV | Dependency | Affected version | Cleared in release |
|---|---|---|---|---|---|
| CVE-2013-7285 | critical | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2015-3253 | critical | — | org.codehaus.groovy:groovy-all | — | jenkins-2.564 |
| CVE-2015-7501 | critical | — | commons-collections:commons-collections | — | jenkins-2.564 |
| CVE-2016-0788 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-0791 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-6814 | critical | — | org.codehaus.groovy:groovy-all | — | jenkins-2.564 |
| CVE-2016-9299 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000353 | critical | KEV | org.jenkins-ci.main:jenkins-core | — | jenkins-2.555.2 |
| CVE-2017-1000362 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000861 | critical | KEV | org.jenkins-ci.main:jenkins-core | — | jenkins-2.555.2 |
| CVE-2019-10173 | critical | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21685 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21686 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21687 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21688 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21689 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21690 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21691 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21692 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21693 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21694 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21695 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21697 | critical | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-22978 | critical | — | org.springframework.security:spring-security-web | — | jenkins-2.564 |
| CVE-2024-23897 | critical | KEV | org.jenkins-ci.main:jenkins-core | — | jenkins-2.555.2 |
| CVE-2024-38821 | critical | — | org.springframework.security:spring-security-web | — | jenkins-2.564 |
| CVE-2026-22732 | critical | — | org.springframework.security:spring-security-web | — | jenkins-2.564 |
| CVE-2012-0785 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-4438 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-0114 | high | — | commons-beanutils:commons-beanutils | — | jenkins-2.564 |
| CVE-2015-1809 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1811 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5317 | high | KEV | org.jenkins-ci.main:jenkins-core | — | jenkins-2.555.2 |
| CVE-2015-6420 | high | — | commons-collections:commons-collections | — | jenkins-2.564 |
| CVE-2015-7537 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-7538 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-7539 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-0792 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3674 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2016-3726 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000354 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000356 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000391 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000393 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000394 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000503 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000504 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2608 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-7957 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2018-1000194 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000410 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000863 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999001 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999002 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999043 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-1003003 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-1003004 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-1003049 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10086 | high | — | commons-beanutils:commons-beanutils | — | jenkins-2.564 |
| CVE-2019-10353 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10384 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-9843 | high | — | com.diffplug.spotless:spotless-maven-plugin | — | jenkins-2.564 |
| CVE-2020-11979 | high | — | org.apache.ant:ant | — | jenkins-2.564 |
| CVE-2020-2099 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2160 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2220 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2221 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2222 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2223 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2229 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2230 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-26217 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21341 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21604 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21605 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21671 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21696 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-22112 | high | — | org.springframework.security:spring-security-web | — | jenkins-2.564 |
| CVE-2021-29505 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39139 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39141 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39144 | high | KEV | com.thoughtworks.xstream:xstream | — | jenkins-2.555.2 |
| CVE-2021-39145 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39146 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39147 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39148 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39149 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39150 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39151 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39152 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39153 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-39154 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-43859 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2022-34170 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-34171 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-34172 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-34173 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-34175 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-40151 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2022-41224 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-41966 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2023-27898 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-27899 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-27901 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-35141 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-39151 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-43495 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-43496 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-23898 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-43044 | high | — | org.jenkins-ci.main:remoting | — | jenkins-2.564 |
| CVE-2024-43044 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-47072 | high | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2024-47554 | high | — | commons-io:commons-io | — | jenkins-2.564 |
| CVE-2025-48734 | high | — | commons-beanutils:commons-beanutils | — | jenkins-2.564 |
| CVE-2025-48976 | high | — | org.apache.commons:commons-fileupload2-core | — | jenkins-2.564 |
| CVE-2025-67635 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-27099 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-33001 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-33002 | high | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-44728 | high | — | @babel/plugin-transform-modules-systemjs | 7.29.0 | jenkins-2.564 |
| CVE-2026-6321 | high | — | fast-uri | 3.1.0 | jenkins-2.564 |
| CVE-2026-6322 | high | — | fast-uri | 3.1.0 | jenkins-2.564 |
| CVE-2012-4439 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-6072 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0327 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0328 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0329 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0330 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0331 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-2033 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-2034 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-7330 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2058 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2059 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2060 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2061 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2062 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2063 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2064 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2065 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2066 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2067 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3661 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3662 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3663 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3664 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3665 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3666 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3667 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3680 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-3681 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-9634 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-9635 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1806 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1810 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1812 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1814 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5319 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5320 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5321 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5322 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5323 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5324 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5325 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-7536 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-0789 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-0790 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3721 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3722 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3723 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3724 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3725 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2016-3727 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000355 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000392 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000395 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000396 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000398 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000399 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000400 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-17383 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2598 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2599 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2600 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2601 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2602 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2604 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2606 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2607 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2609 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2610 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2611 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2612 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2613 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000067 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000068 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000169 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000170 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000192 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000193 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000195 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000406 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000407 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000408 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000409 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000862 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000864 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1000997 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-10237 | medium | — | com.google.guava:guava | — | jenkins-2.564 |
| CVE-2018-1999003 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999004 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999005 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999006 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999007 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999042 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999044 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999045 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999046 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-1999047 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2018-6356 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-1003050 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10352 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10354 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10383 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10401 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10402 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10403 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10404 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10405 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2019-10406 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-17521 | medium | — | org.codehaus.groovy:groovy-all | — | jenkins-2.564 |
| CVE-2020-1945 | medium | — | org.apache.ant:ant | — | jenkins-2.564 |
| CVE-2020-2100 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2101 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2102 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2103 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2104 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2161 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2162 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2163 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2231 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-26258 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2020-26259 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21342 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21343 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21344 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21345 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21346 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21347 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21348 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21349 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21350 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21351 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2021-21602 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21603 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21606 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21607 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21608 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21609 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21610 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21611 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21615 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21639 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21640 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21670 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21682 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-21683 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2021-29425 | medium | — | commons-io:commons-io | — | jenkins-2.564 |
| CVE-2021-36373 | medium | — | org.apache.ant:ant | — | jenkins-2.564 |
| CVE-2021-36374 | medium | — | org.apache.ant:ant | — | jenkins-2.564 |
| CVE-2021-39140 | medium | — | com.thoughtworks.xstream:xstream | — | jenkins-2.564 |
| CVE-2022-0538 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-20612 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2022-34174 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-27900 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-27902 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-2976 | medium | — | com.google.guava:guava | — | jenkins-2.564 |
| CVE-2023-43494 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-43045 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-47803 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-47804 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-27622 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-27623 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-27624 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-27625 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-31720 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-31721 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-48924 | medium | — | commons-lang:commons-lang | 2.6 | jenkins-2.564 |
| CVE-2025-59474 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-59475 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-59476 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-64718 | medium | — | js-yaml | 3.14.1 | jenkins-2.564 |
| CVE-2025-67636 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-67637 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2025-67638 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-22747 | medium | — | org.springframework.security:spring-security-web | — | jenkins-2.564 |
| CVE-2026-27100 | medium | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2026-42338 | medium | — | ip-address | 10.1.0 | jenkins-2.564 |
| CVE-2011-4344 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-0324 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-0325 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-6073 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2012-6074 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-0158 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2013-5573 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2014-2068 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1808 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-1813 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5318 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2015-5326 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-1000401 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2017-2603 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-2105 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2020-8908 | low | — | com.google.guava:guava | — | jenkins-2.564 |
| CVE-2023-27903 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-27904 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-43497 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2023-43498 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
| CVE-2024-31573 | low | — | org.xmlunit:xmlunit-core | — | jenkins-2.564 |
| CVE-2025-67639 | low | — | org.jenkins-ci.main:jenkins-core | — | jenkins-2.564 |
Showing 320 of 320