Skip to main content

DigitalOcean

2 CVEs infrastructure

Monthly

CVE-2025-59717 npm MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js Do Markdownit DigitalOcean
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2020-2126 Maven MEDIUM PATCH This Month

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure DigitalOcean
NVD
CVSS 3.1
4.3
EPSS
0.7%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Node.js +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure DigitalOcean
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy