1,107 CVEs

5 in CISA KEV

jenkinsci Vulnerabilities

CVE security advisories and vulnerability history for jenkinsci.

1,107

Total CVEs

Published

5

In CISA KEV

Exploited in the wild

20

Public exploits

With known exploit

6.3

Avg CVSS

2016–2026

Overview

jenkinsci has 1,107 published CVE records since 2016, of which 5 are in CISA's Known Exploited Vulnerabilities catalog and 20 have a known public exploit. The average CVSS base score across scored CVEs is 6.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting jenkinsci products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of jenkinsci's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical16

High55

Medium117

Low8

911 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

5

5 of jenkinsci's CVEs are confirmed exploited in the wild.

Public exploits

20

20 of jenkinsci's CVEs have a known public exploit available.

Most affected products

The jenkinsci products with the most published CVEs.

Jenkins197 CVEs
org.jenkins-ci.main:jenkins-core188 CVEs
org.jenkins-ci.plugins:script-security34 CVEs
script security32 CVEs
script-security-plugin32 CVEs
openshift container platform31 CVEs
pipeline\31 CVEs
Jenkins Script Security Plugin26 CVEs

Common weakness types

The CWE weakness categories most often found in jenkinsci CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish jenkinsci CVE records.

Disclosure activity by year

How many jenkinsci CVEs were published each year.

2019

248

2020

207

2021

84

2022

196

2023

98

2024

37

2025

37

2026

4

Latest jenkinsci CVEs

The most recently disclosed vulnerabilities affecting jenkinsci.

High vulnerability · 2026-03-18
CWE-350
High · CVSS 7.5
EPSS 0.1%2026-03-18
High vulnerability · 2026-03-18
CWE-59
High · CVSS 8.8
EPSS 0.3%2026-03-18
Medium vulnerability · 2026-02-18
CWE-200
Medium · CVSS 4.3
EPSS 0.4%2026-02-18
High vulnerability · 2026-02-18
CWE-79
High · CVSS 8.0
EPSS 0.1%2026-02-18
Medium vulnerability · 2025-12-10
CWE-78
Medium · CVSS 5.0
EPSS 0.1%2025-12-10
Low vulnerability · 2025-12-10
CWE-352
Low · CVSS 3.5
EPSS 0.0%2025-12-10
Medium vulnerability · 2025-12-10
CWE-312
Medium · CVSS 4.3
EPSS 0.0%2025-12-10
Medium vulnerability · 2025-12-10
CWE-312
Medium · CVSS 4.3
EPSS 0.1%2025-12-10
Medium vulnerability · 2025-12-10
CWE-862
Medium · CVSS 4.3
EPSS 0.2%2025-12-10
High vulnerability · 2025-12-10
CWE-404
High · CVSS 7.5
EPSS 0.2%2025-12-10
Medium vulnerability · 2025-10-29
CWE-311
Medium · CVSS 4.3
EPSS 0.0%2025-10-29
High vulnerability · 2025-10-29
CWE-611
High · CVSS 7.1
EPSS 0.0%2025-10-29

Track new jenkinsci CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor jenkinsci CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

mysql1,132 CVEs Fortinet1,125 CVEs PHPGurukul1,111 CVEs drupal1,100 CVEs juniper1,082 CVEs D-Link1,068 CVEs mediatek1,040 CVEs vmware1,036 CVEs

Browse all vendors

Frequently asked questions

Common questions about jenkinsci vulnerabilities.

How many CVEs does jenkinsci have?

jenkinsci has 1,107 published CVE records since 2016, including 41 in the last two years.

How many jenkinsci CVEs are in CISA KEV?

Yes — 5 of jenkinsci's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which jenkinsci products have the most CVEs?

The jenkinsci products with the most published CVEs are Jenkins, org.jenkins-ci.main:jenkins-core, org.jenkins-ci.plugins:script-security, script security, script-security-plugin.

What are the most common weakness types in jenkinsci CVEs?

jenkinsci's CVEs most often map to these CWE weakness types: CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-862 (Missing Authorization), CWE-312 (Cleartext Storage of Sensitive Information).

Are there public exploits for jenkinsci vulnerabilities?

Yes — 20 of jenkinsci's CVEs have a known public exploit.

How many critical jenkinsci vulnerabilities are there?

jenkinsci has 16 critical and 55 high-severity CVEs.

What is the average severity of jenkinsci CVEs?

The average CVSS base score across jenkinsci's scored CVEs is 6.3.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track jenkinsci vulnerabilities

Monitor new jenkinsci vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing