Nexus Repository
by Sonatype
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14469 | | Med | 0.35 | 5.4 | 0.01 | | Aug 22, 2019 | In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. |
| CVE-2026-7308 | | Med | 0.33 | — | 0.00 | | May 11, 2026 | An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions… |
| CVE-2026-3048 | | Med | 0.33 | — | 0.00 | | May 11, 2026 | An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server. |
| CVE-2026-3438 | | Med | 0.33 | — | 0.00 | | Apr 8, 2026 | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user… |
| CVE-2026-0601 | | Med | 0.33 | — | 0.00 | | Jan 14, 2026 | A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction. |
| CVE-2024-5083 | | Med | 0.33 | — | 0.00 | | Nov 14, 2024 | A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |
| CVE-2020-24622 | | Med | 0.32 | 4.9 | 0.01 | | Aug 25, 2020 | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. |
| CVE-2022-27907 | | Med | 0.28 | 4.3 | 0.01 | | Mar 30, 2022 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. |
| CVE-2021-43961 | | Med | 0.28 | 4.3 | 0.01 | | Mar 17, 2022 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. |
| CVE-2024-5764 | | | 0.00 | — | 0.00 | | Oct 23, 2024 | Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected… |