Sonatype Nexus Repository
13 CVEs affecting Sonatype Nexus Repository. Latest disclosed: 2026-05-11. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-4956 | High | 7.5 | 2024-05-16 | Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. |
| CVE-2026-7308 | | | 2026-05-11 | An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user wh… |
| CVE-2026-3048 | | | 2026-05-11 | An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to init… |
| CVE-2026-5189 | | | 2026-04-15 | CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network acces… |
| CVE-2026-3199 | | | 2026-04-08 | A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creatio… |
| CVE-2026-3438 | | | 2026-04-08 | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers t… |
| CVE-2026-0600 | | | 2026-01-14 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy… |
| CVE-2026-0601 | | | 2026-01-14 | A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's… |
| CVE-2025-13488 | | | 2025-12-04 | Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may al… |
| CVE-2025-9868 | | | 2025-10-08 | Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attac… |
| CVE-2024-5082 | | | 2024-11-14 | A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and in… |
| CVE-2024-5083 | | | 2024-11-14 | A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to an… |
| CVE-2024-5764 | | | 2024-10-23 | Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the N… |