Search Vulnerabilities

perforce / delphix_continuous_compliance

In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked.

Published Dec 20, 2025

CVE-2024-5250

LOW3.5

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations

perforce / akana_api

Published Jul 30, 2024

CVE-2024-5249

MEDIUM5.4

In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.

perforce / akana_api

Published Jul 30, 2024

CVE-2024-3930

MEDIUM6.3

In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.

perforce / akana_api

Published Jul 30, 2024

CVE-2024-0325

LOW3.6

In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.

perforce / helix_sync

Local

Published Feb 1, 2024

CVE-2023-45319

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.

CVE-2023-35767

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.

CVE-2023-5759

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.

CVE-2023-45849

CRITICAL9.0

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

CVE-2022-2394

MEDIUM4.1

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

perforce / puppet_bolt

Published Jul 19, 2022

CVE-2021-28973

MEDIUM4.9

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.

perforce / helix_alm

Published Apr 13, 2021

CVE-2013-1410

MEDIUM6.1

Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities

perforce / p4web+1

Published Feb 12, 2020

CVE-2018-1000147

MEDIUM6.5

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

perforce / perforce

Published Apr 5, 2018

CVE-2018-1000145

MEDIUM6.5

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

jenkins / perforce