VYPR

Dependency Track

by Dependencytrack

CVEs (5)

  • CVE-2025-61776 | Med | Oct 7, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP…

  • CVE-2024-54002 | Med | Dec 4, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exists in the system takes significantly longer than…

  • CVE-2025-27137 | Med | Feb 24, 2025
    risk 0.22 | cvss 4.4 | epss 0.00

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the…

  • CVE-2022-39351 | Oct 25, 2022
    risk 0.00 | cvss | epss 0.00

    Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to…

  • CVE-2019-1020007 | Jul 29, 2019
    risk 0.00 | cvss | epss 0.01

    Dependency-Track before 3.5.1 allows XSS.