Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Jfrog — Vulnerabilities & Security Advisories 21

Browse all 21 CVE security advisories affecting Jfrog. AI-powered Chinese analysis, POCs, and references for each vulnerability.

JFrog operates as a leading provider of software supply chain management solutions, primarily offering artifact repository services and DevOps automation tools that enable organizations to build, store, and distribute software components. The platform’s extensive integration into continuous integration and deployment pipelines makes it a critical infrastructure component for modern software development lifecycles. Historically, security assessments have identified vulnerabilities within its ecosystem, including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from underlying web frameworks or misconfigured access controls. While no catastrophic data breaches have publicly defined the company’s security history, the presence of multiple Common Vulnerabilities and Exposures highlights the inherent risks associated with complex enterprise software. Maintaining rigorous patch management and strict access controls remains essential for mitigating these potential entry points and ensuring the integrity of the software supply chain.

Top products by Jfrog: Artifactory JFrog Artifactory Artifactory Self-Hosted Artifactory (Workers)
CVE IDTitleCVSSSeverityPublished
CVE-2025-14830 JFrog Artifactory Cross-Site Scripting — Artifactory (Workers)CWE-79 4.9 Medium2026-01-04
CVE-2024-6915 JFrog Artifactory Cache Poisoning — ArtifactoryCWE-20 9.3 Critical2024-08-05
CVE-2024-2248 JFrog Artifactory Header Injection — ArtifactoryCWE-20 6.4 Medium2024-05-15
CVE-2024-4142 JFrog Artifactory Improper input validation within token creation flow — ArtifactoryCWE-20 9.0 Critical2024-05-01
CVE-2024-3505 JFrog Self-Hosted Artifactory Proxy configuration accessible to low-privilege users — Artifactory Self-HostedCWE-200 4.3 Medium2024-04-15
CVE-2024-2247 JFrog Artifactory Cross-Site Scripting — ArtifactoryCWE-79 8.8 High2024-03-13
CVE-2023-42509 JFrog Artifactory Sensitive Data Leakage in Repository configuration process — ArtifactoryCWE-755 6.6 Medium2024-03-07
CVE-2023-42661 JFrog Artifactory Improper input validation leads to arbitrary file write — ArtifactoryCWE-20 7.2 High2024-03-07
CVE-2023-42662 JFrog Artifactory Improper SSO Mechanism may lead to Exposure of Access Tokens — ArtifactoryCWE-287 9.3 Critical2024-03-07
CVE-2023-42508 JFrog Artifactory Improper header input validation leads to email manipulation sent from the platform — ArtifactoryCWE-20 6.5 Medium2023-10-03
CVE-2022-0668 JFrog Artifactory 安全漏洞 — JFrog ArtifactoryCWE-274 5.3 Medium2023-01-08
CVE-2021-23163 JFrog Artifactory 跨站请求伪造漏洞 — JFrog ArtifactoryCWE-352 3.1 Low2022-07-06
CVE-2021-46687 JFrog Artifactory 安全漏洞 — JFrog ArtifactoryCWE-359 4.9 Medium2022-07-06
CVE-2021-45721 JFrog Artifactory 跨站脚本漏洞 — JFrog ArtifactoryCWE-79 6.1 Medium2022-07-06
CVE-2021-41834 JFrog Artifactory 安全漏洞 — ArtifactoryCWE-284 5.3 Medium2022-05-23
CVE-2021-45730 JFrog Artifactory 安全漏洞 — ArtifactoryCWE-284 6.0 Medium2022-05-19
CVE-2022-0573 JFrog Artifactory 代码问题漏洞 — JFrog ArtifactoryCWE-502 8.8 High2022-05-16
CVE-2021-46270 JFrog Artifactory 安全漏洞 — JFrog ArtifactoryCWE-284 2.7 Low2022-03-02
CVE-2021-45074 JFrog Artifactory 安全漏洞 — JFrog ArtifactoryCWE-284 4.3 Medium2022-03-02
CVE-2021-3860 Jfrog JFrog Artifactory SQL注入漏洞 — JFrog ArtifactoryCWE-89 8.8 High2021-12-20
CVE-2019-17444 JFrog Artifactory does not enforce default admin password change — ArtifactoryCWE-521 9.8 Critical2020-10-12

This page lists every published CVE security advisory associated with Jfrog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.