CVEs from 2018

3,288 normalized CVEs published or assigned in this year.

Total

3,288

critical

critical 226

high

high 266

medium

medium 224

low

low 32

% Critical

6.9%

% with KEV

2.7%

% with exploit

2.8%

Top vendors

Top packages

critical high medium low unknown

KEV Has exploit

Reset

CVE	Severity	CVSS	Risk	Published	Description
CVE-2018-1000113	unknown	—	—	4y ago	Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
CVE-2018-1000108	unknown	—	—	4y ago	Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin
CVE-2018-1000144	unknown	—	—	4y ago	Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
CVE-2018-1000150	unknown	—	—	4y ago	Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
CVE-2018-1000151	unknown	—	—	4y ago	Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
CVE-2018-1000147	unknown	—	—	4y ago	Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000143	unknown	—	—	4y ago	Jenkins GitHub Pull Request Builder Plugin
CVE-2018-1000142	unknown	—	—	4y ago	Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
CVE-2018-1000148	unknown	—	—	4y ago	Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
CVE-2018-1000153	unknown	—	—	4y ago	Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
CVE-2018-1000174	unknown	—	—	4y ago	Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2018-1000173	unknown	—	—	4y ago	Jenkins Google Login Plugin Session Fixation vulnerability
CVE-2018-1000176	unknown	—	—	4y ago	Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field
CVE-2018-1000175	unknown	—	—	4y ago	Jenkins HTML Publisher Plugin path traversal vulnerability
CVE-2018-1000177	unknown	—	—	4y ago	Stored XSS vulnerability in Jenkins S3 Publisher Plugin
CVE-2018-1310	unknown	—	—	4y ago	Apache NiFi JMS Deserialization issue
CVE-2018-1309	unknown	—	—	4y ago	Improper Restriction of XML External Entity Reference in Apache NiFi
CVE-2018-11651	unknown	—	—	4y ago	Cross-site Scripting in Graylog
CVE-2018-11650	unknown	—	—	4y ago	Cross-site Scripting in Graylog Server
CVE-2018-1000182	unknown	—	—	4y ago	Server-Side Request Forgery in Jenkins Git Plugin
CVE-2018-1000186	unknown	—	—	4y ago	Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
CVE-2018-1000184	unknown	—	—	4y ago	Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVE-2018-1000202	unknown	—	—	4y ago	Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
CVE-2018-1000187	unknown	—	—	4y ago	Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1000188	unknown	—	—	4y ago	Jenkins CAS Plugin Server-Side Request Forgery vulnerability
CVE-2018-1000185	unknown	—	—	4y ago	Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
CVE-2018-1000183	unknown	—	—	4y ago	Jenkins GitHub Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000190	unknown	—	—	4y ago	Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000198	unknown	—	—	4y ago	XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000196	unknown	—	—	4y ago	Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
CVE-2018-12036	unknown	—	—	4y ago	Path Traversal in OWASP Dependency-Check
CVE-2018-12432	unknown	—	—	4y ago	Cross-site Scripting in JavaMelody
CVE-2018-1000601	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
CVE-2018-1000602	unknown	—	—	4y ago	Jenkins SAML Plugin Session Fixation vulnerability
CVE-2018-12973	unknown	—	—	4y ago	OpenTSDB Cross-site Scripting vulnerability
CVE-2018-13003	unknown	—	—	4y ago	OpenTSDB Cross-site Scripting vulnerability
CVE-2018-1000604	unknown	—	—	4y ago	Jenkins Badge Plugin cross-site scripting vulnerability
CVE-2018-1000607	unknown	—	—	4y ago	Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
CVE-2018-1000609	unknown	—	—	4y ago	Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
CVE-2018-11041	unknown	—	—	4y ago	Cloud Foundry UAA open redirect
CVE-2018-1000606	unknown	—	—	4y ago	URLTrigger Plugin server-side request forgery vulnerability
CVE-2018-13439	unknown	—	—	4y ago	WeChat Pay Java SDK allows XXE
CVE-2018-1000402	unknown	—	—	4y ago	Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
CVE-2018-14380	unknown	—	—	4y ago	Cross-site Scripting in Graylog Server
CVE-2018-14371	unknown	—	—	4y ago	Path Traversal in Eclipse Mojarra
CVE-2018-1999029	unknown	—	—	4y ago	Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999031	unknown	—	—	4y ago	Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-1999041	unknown	—	—	4y ago	Exposure of sensitive information vulnerability
CVE-2018-1999026	unknown	—	—	4y ago	Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-1999025	unknown	—	—	4y ago	Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999035	unknown	—	—	4y ago	Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999034	unknown	—	—	4y ago	Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605	unknown	—	—	4y ago	Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999037	unknown	—	—	4y ago	Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038	unknown	—	—	4y ago	Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039	unknown	—	—	4y ago	Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-11758	unknown	—	—	4y ago	XML External Entity Reference in Apache Cayenne
CVE-2018-1000665	unknown	—	—	4y ago	Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366	unknown	—	—	4y ago	Mingsoft MCMS CSRF vulnerability
CVE-2018-16277	unknown	—	—	4y ago	XWiki XSS Vulnerability
CVE-2018-11804	unknown	—	—	4y ago	Improper Input Validation in Apache Spark
CVE-2018-17605	unknown	—	—	4y ago	Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227	unknown	—	—	4y ago	RDF4J vulnerable to zip slip
CVE-2018-20663	unknown	—	—	4y ago	The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413	unknown	—	—	4y ago	Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000414	unknown	—	—	4y ago	CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000417	unknown	—	—	4y ago	CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000411	unknown	—	—	4y ago	Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330	unknown	—	—	4y ago	Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000415	unknown	—	—	4y ago	Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-1000421	unknown	—	—	4y ago	Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-1000422	unknown	—	—	4y ago	Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-8031	unknown	—	—	4y ago	Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-1306	unknown	—	—	4y ago	Exposure of Sensitive Information in Apache Pluto
CVE-2018-8718	unknown	—	—	4y ago	Cross-Site Request Forgery in Jenkins Mailer Plugin
CVE-2018-1294	unknown	—	—	4y ago	Improper Input Validation Apache Commons Email
CVE-2018-1000129	unknown	—	—	4y ago	Cross-site Scripting in Jolokia agent
CVE-2018-1000130	unknown	—	—	4y ago	Injection in Jolokia agent
CVE-2018-19859	unknown	—	—	4y ago	OpenRefine Directory Traversal
CVE-2018-1999027	unknown	—	—	4y ago	Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191	unknown	—	—	4y ago	Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-10862	unknown	—	—	4y ago	Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999042	unknown	—	—	4y ago	Deserialization of Untrusted Data in Jenkins
CVE-2018-1999046	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999045	unknown	—	—	4y ago	Improper Authentication in Jenkins
CVE-2018-1000406	unknown	—	—	4y ago	Path Traversal in Jenkins
CVE-2018-1000409	unknown	—	—	4y ago	Session Fixation in Jenkins
CVE-2018-1000862	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000407	unknown	—	—	4y ago	Cross-site Scripting in Jenkins
CVE-2018-1000410	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000170	unknown	—	—	4y ago	Cross-site Scripting in Jenkins Core
CVE-2018-1000997	unknown	—	—	4y ago	Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1325	unknown	—	—	4y ago	Cross-site Scripting in wicket-jquery-ui
CVE-2018-11688	unknown	—	—	4y ago	Ignite Realtime Openfire vulnerable to cross-site scripting
CVE-2018-1000169	unknown	—	—	4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000416	unknown	—	—	4y ago	Jenkins Job Config History Plugin reflected XSS vulnerability
CVE-2018-1000076	unknown	—	—	4y ago	RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000077	unknown	—	—	4y ago	RubyGems Improper Input Validation vulnerability
CVE-2018-1000074	unknown	—	—	4y ago	RubyGems Deserialization of Untrusted Data vulnerability

CVEs from 2018

Top vendors

Top products

Top packages