Pipeline\

This hub aggregates every CVE we track for Pipeline\, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Pipeline\.

• CVE-2026-48921Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by...7.5May 27, 2026
• CVE-2026-40923Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check5.4Apr 21, 2026
• CVE-2026-40924Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion6.5Apr 21, 2026
• CVE-2026-40938Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE7.5Apr 21, 2026
• CVE-2026-40161Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL7.7Apr 21, 2026
• CVE-2026-25542Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching6.5Apr 21, 2026
• CVE-2026-33211Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resolver pod9.6Mar 23, 2026
• CVE-2026-33022Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun6.5Mar 20, 2026
• CVE-2024-52551Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing a...8.0Nov 13, 2024
• CVE-2024-52550Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attack...8.0Nov 13, 2024
• CVE-2023-37264Pipelines do not validate child UIDs3.7Jul 7, 2023
• CVE-2023-32977Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by ...5.4May 16, 2023
• CVE-2023-25762Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vu...5.4Feb 15, 2023
• CVE-2022-43409Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-si...5.4Oct 19, 2022
• CVE-2022-43408Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to...6.5Oct 19, 2022