CVE Daily – Liquibase (High+Critical) https://cvedaily.com/pages/tags/liquibase.html CVE Daily – Liquibase (High+Critical) en Wed, 03 Jun 2026 21:27:11 +0000 [Critical] CVE-2022-0839 – Improper Restriction of XML External Entity Reference in GitHub repository liqui... https://nvd.nist.gov/vuln/detail/CVE-2022-0839 https://nvd.nist.gov/vuln/detail/CVE-2022-0839 Fri, 04 Mar 2022 15:15:09 +0000 Critical CVE-2022-0839

Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.

CVSS: 9.8 · CWE: CWE-611

View on NVD

]]> [High] CVE-2020-2284 – Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML par... https://nvd.nist.gov/vuln/detail/CVE-2020-2284 https://nvd.nist.gov/vuln/detail/CVE-2020-2284 Wed, 23 Sep 2020 14:15:13 +0000 High CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS: 7.1 · CWE: CWE-611

View on NVD

]]> [High] CVE-2018-1000146 – An arbitrary code execution vulnerability exists in Liquibase Runner Plugin vers... https://nvd.nist.gov/vuln/detail/CVE-2018-1000146 https://nvd.nist.gov/vuln/detail/CVE-2018-1000146 Thu, 05 Apr 2018 13:29:00 +0000 High CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

CVSS: 8.8 · CWE: N/A

View on NVD

]]>