- How many CVEs does Jenkins have?
- Jenkins has 1,847 published CVE records since 2011, including 160 in the last two years.
- How many Jenkins CVEs are in CISA KEV?
- Yes — 7 of Jenkins's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Jenkins products have the most CVEs?
- The Jenkins products with the most published CVEs are jenkins, script-security-plugin, script_security, Jenkins Script Security Plugin, pipeline: groovy.
- What are the most common weakness types in Jenkins CVEs?
- Jenkins's CVEs most often map to these CWE weakness types: CWE-862 (Missing Authorization), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-611 (Improper Restriction of XML External Entity Reference).
- Are there public exploits for Jenkins vulnerabilities?
- Yes — 34 of Jenkins's CVEs have a known public exploit.
- How many critical Jenkins vulnerabilities are there?
- Jenkins has 78 critical and 490 high-severity CVEs.
- What is the average severity of Jenkins CVEs?
- The average CVSS base score across Jenkins's scored CVEs is 6.3.