Jenkins Owasp Dependency-check — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Owasp Dependency-check, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-43577 — CVSS 7.1 (high): Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2017-1000109 — CVSS 6.1 (medium): The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site…
CVE-2024-28153 — CVSS 5.4 (medium): Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in…