jenkins

13 open findings · 12 with upstream fix available

Image: ghcr.io/rtvkiz/minimal-jenkins:latest · Size: 388 MB · Last rebuilt: 0d ago · Updated: 2026-06-17 21:45 UTC

Package	Version	Severity	CVE	Fix	Description	VEX
mina-core	2.2.4	CRITICAL	GHSA-vf5j-865m-mq7c	2.2.7	Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)	—
mina-core	2.2.4	CRITICAL	GHSA-995c-6rp3-4m4x	2.2.7	Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)	—
mina-core	2.2.4	CRITICAL	GHSA-8297-v2rf-2p32	2.2.6	Apache MINA vulnerable to Deserialization of Untrusted Data	—
mina-core	2.2.4	CRITICAL	GHSA-f2wh-grmh-r6jm	2.2.6	Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)	—
bcprov-jdk18on	1.83	HIGH	GHSA-p93r-85wp-75v3	1.84	Bouncy Castle Has Covert Timing Channel Vulnerability	—
bcpg-jdk18on	1.83	HIGH	GHSA-cj8j-37rh-8475	1.84	Bouncy Castle Uncontrolled Resource Consumption vulnerability	—
jenkins-core	2.555.3	HIGH	GHSA-93qh-vwrm-c5pw	2.568	Jenkins: Stored XSS vulnerability in node offline cause description	—
jackson-core	3.1.0	HIGH	GHSA-2m67-wjpj-xhg9	3.1.1	Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers	—
commons-lang	2.6	MEDIUM	GHSA-j288-q9x7-2f5v	—	Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs	—
bcprov-jdk18on	1.83	MEDIUM	GHSA-c3fc-8qff-9hwx	1.84	Bouncy Castle has an LDAP injection	—
bcpkix-jdk18on	1.83	MEDIUM	GHSA-wg6q-6289-32hp	1.84	Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules	—
spring-security-core	6.5.9	MEDIUM	GHSA-x2wq-9x2f-fhj7	6.5.10	Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured	—
spring-security-core	6.5.9	LOW	GHSA-vxf7-qj7q-83fh	6.5.10	Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider	—