VYPR

Nexus Repository

by Sonatype

CVEs (30)

  • CVE-2019-14469 | Med | Aug 22, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

  • CVE-2026-7308 | Med | May 11, 2026
    risk 0.33 | cvss | epss 0.00

    An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions…

  • CVE-2026-3048 | Med | May 11, 2026
    risk 0.33 | cvss | epss 0.00

    An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server.

  • CVE-2026-3438 | Med | Apr 8, 2026
    risk 0.33 | cvss | epss 0.00

    A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user…

  • CVE-2026-0601 | Med | Jan 14, 2026
    risk 0.33 | cvss | epss 0.00

    A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.

  • CVE-2024-5083 | Med | Nov 14, 2024
    risk 0.33 | cvss | epss 0.00

    A stored cross-site scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

  • CVE-2020-24622 | Med | Aug 25, 2020
    risk 0.32 | cvss 4.9 | epss 0.01

    In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.

  • CVE-2022-27907 | Med | Mar 30, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.

  • CVE-2021-43961 | Med | Mar 17, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.

  • CVE-2024-5764 | Oct 23, 2024
    risk 0.00 | cvss | epss 0.00

    A use of hard-coded credentials vulnerability has been discovered in Sonatype Nexus Repository, in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected…

Page 2 of 2