Skip to main content

Pmd

3 CVEs product

Monthly

CVE-2026-28338 Maven MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in PMD's legacy vbhtml and yahtml report formats allows arbitrary JavaScript execution when HTML reports are opened in a browser, triggered by analyzing malicious source code containing crafted string literals. Public exploit code exists for this vulnerability affecting PMD versions prior to 7.22.0. The impact is limited since these legacy formats are rarely used and the default html format is properly escaped.

XSS Pmd
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2019-7722 Maven HIGH POC PATCH This Week

PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XXE Denial Of Service Information Disclosure Pmd
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-1000008 Maven HIGH PATCH This Week

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Pmd
NVD
CVSS 3.0
8.8
EPSS
1.2%
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) in PMD's legacy vbhtml and yahtml report formats allows arbitrary JavaScript execution when HTML reports are opened in a browser, triggered by analyzing malicious source code containing crafted string literals. Public exploit code exists for this vulnerability affecting PMD versions prior to 7.22.0. The impact is limited since these legacy formats are rarely used and the default html format is properly escaped.

XSS Pmd
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XXE Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy