VYPR

Nexus Repository

by Sonatype

CVEs (30)

  • CVE-2019-7238 | Critical | KEV | Mar 21, 2019
    risk 0.75 | cvss 9.8 | epss 0.77

    Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

  • CVE-2019-9629 | Critical | Jul 8, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).

  • CVE-2026-3199 | Critical | Apr 8, 2026
    risk 0.61 | cvss | epss 0.00

    A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

  • CVE-2026-5189 | Critical | Apr 15, 2026
    risk 0.60 | cvss | epss 0.00

    CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process…

  • CVE-2024-4956 | High | May 16, 2024
    risk 0.59 | cvss 7.5 | epss 0.18

    Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.

  • CVE-2026-3329 | High | Jun 11, 2026
    risk 0.57 | cvss | epss 0.01

    A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.

  • CVE-2025-9868 | High | Oct 8, 2025
    risk 0.57 | cvss | epss 0.00

    Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials via crafted HTTP requests.

  • CVE-2026-10748 | High | Jun 16, 2026
    risk 0.56 | cvss | epss 0.00

    An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus Repository 3 versions before 3.92.0.

  • CVE-2020-15868 | High | Aug 12, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.

  • CVE-2019-9630 | High | Jul 8, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.

  • CVE-2018-16620 | High | Nov 15, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

  • CVE-2024-5082 | High | Nov 14, 2024
    risk 0.47 | cvss | epss 0.02

    A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

  • CVE-2019-15588 | High | Nov 1, 2019
    risk 0.47 | cvss 7.2 | epss 0.06

    There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass of CVE-2019-5475) that could allow an attacker to achieve Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability.

  • CVE-2019-15893 | High | Oct 16, 2019
    risk 0.47 | cvss 7.2 | epss 0.02

    Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.

  • CVE-2018-16621 | High | Nov 15, 2018
    risk 0.47 | cvss 7.2 | epss 0.02

    Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

  • CVE-2020-29436 | Medium | Dec 17, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0.

  • CVE-2026-0600 | Medium | Jan 14, 2026
    risk 0.40 | cvss | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services…

  • CVE-2020-15870 | Medium | Jul 31, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).

  • CVE-2019-11629 | Medium | May 7, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.

  • CVE-2018-16619 | Medium | Nov 15, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Sonatype Nexus Repository Manager before 3.14 allows XSS.
