Woodpecker-ci Woodpecker
5 CVEs affecting Woodpecker-ci Woodpecker. Latest disclosed: 2026-06-18. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-41121 | High | 8.8 | 2024-07-19 | Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflo… |
CVE-2023-40034 | High | 8.1 | 2023-08-16 | Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the reposito… |
CVE-2024-41122 | High | 7.5 | 2024-07-19 | Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflo… |
CVE-2022-29947 | Medium | 6.1 | 2022-04-29 | Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. |
CVE-2026-50141 | | 2026-06-18 | Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated ag… |