Dependency Track
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61776 | | Med | 0.31 | 4.7 | 0.00 | | Oct 7, 2025 | Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to `api.nuget.org` via the HTTP… |
| CVE-2024-54002 | | Med | 0.27 | 5.3 | 0.00 | | Dec 4, 2024 | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exists in the system takes significantly longer than… |
| CVE-2025-27137 | | Med | 0.22 | 4.4 | 0.00 | | Feb 24, 2025 | Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the… |
| CVE-2022-39351 | | | 0.00 | — | 0.00 | | Oct 25, 2022 | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to… |
| CVE-2019-1020007 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | Dependency-Track before 3.5.1 allows XSS. |