- What is the JFROG CNA?
- JFROG is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 118 CVE records since 2021.
- How many CVEs has JFROG published?
- JFROG has published 118 CVE records, including 58 in the last two years.
- What is JFROG's CVE data quality grade?
- RadicalNotion.AI grades JFROG's CVE data quality as C, with an overall completeness score of 74.6%. This reflects how consistently its CVE records include vendor (61.9%), product (61.9%), CVSS (74.6%), and CWE (100%) information.
- What products does JFROG publish CVEs for?
- JFROG most frequently publishes CVEs for Artifactory, fedora, busybox, debian linux, JFrog Artifactory.
- Which vendors does JFROG cover?
- JFROG publishes CVEs across 28 distinct vendors, most often JFrog, fedoraproject, busybox, mirror, debian.
- Is JFROG actively publishing CVEs?
- JFROG is currently active, based on 58 CVEs in the last two years.
- What is the average severity of JFROG's CVEs?
- The average CVSS base score across JFROG's scored CVEs is 7.0.
- How many critical CVEs has JFROG published?
- JFROG has published 30 critical-severity CVEs and 54 high-severity CVEs.
- Are any of JFROG's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 1 of JFROG's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in JFROG's CVEs?
- JFROG's CVEs most often map to these CWE weakness types: CWE-1333 (Inefficient Regular Expression Complexity), CWE-416 (Use After Free), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-20 (Improper Input Validation).
- How does JFROG rank among CNAs?
- By total CVE volume, JFROG ranks #115 of 370 CNAs, and it reports more complete CVE records than 23% of all CNAs.