Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Nexus Repository — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Nexus Repository, with AI-generated Chinese analysis, references, and POCs.

This page covers vulnerability aggregations for Nexus Repository, a popular software artifact repository manager developed by Sonatype. It aggregates known security weaknesses, primarily focusing on remote code execution, privilege escalation, and cross-site scripting flaws identified within the product’s various releases and configurations. The data spans vulnerability reports from 2015 through the present, encompassing all major versions including Nexus Repository OSS and Nexus Repository Pro. Here, users can track Sonatype’s security advisories to stay informed about patches and mitigations for their specific deployment environments. The page allows analysts to understand the prevalence and characteristics of specific weakness classes as they apply to repository management tools. Additionally, it provides a historical perspective on how the product’s security posture has evolved over time, highlighting recurring issue types and the frequency of reported incidents. This resource is designed for security engineers, system administrators, and compliance officers who need to assess risk exposure. By consolidating these findings, the page facilitates quicker triage of new vulnerabilities and aids in prioritizing remediation efforts based on historical trends and vendor guidance. It serves as a centralized reference point for understanding the security landscape of Nexus Repository without requiring manual searches across multiple vendor databases or third-party trackers. The information presented is intended to support informed decision-making regarding software maintenance and upgrade strategies.

Vendor: Sonatype

CVE IDTitleCVSSSeverityPublished
CVE-2026-10748 Nexus Repository 3 - Remote Code Execution via License Deserialization CWE-502--2026-06-16
CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page CWE-79--2026-05-11
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling CWE-502--2026-05-11
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component CWE-798 9.8 -2026-04-15
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection CWE-502 7.2AIHighAI2026-04-08
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages CWE-79 6.1AIMediumAI2026-04-08
CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration CWE-918 4.9AIMediumAI2026-01-14
CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting CWE-79 6.1AIMediumAI2026-01-14
CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) CWE-79 4.8AIMediumAI2025-12-04
CVE-2025-9868 Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin CWE-918 7.5AIHighAI2025-10-08
CVE-2024-5082 Nexus Repository 2 - Remote Code Execution CWE-94 7.2 -2024-11-14
CVE-2024-5083 Nexus Repository 2 - Stored XSS CWE-79 4.8 -2024-11-14
CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default CWE-798 7.2AIHighAI2024-10-23
CVE-2024-4956 Nexus Repository 3 - Path Traversal CWE-22 7.5 High2024-05-16

All 14 known CVE vulnerabilities affecting Nexus Repository with full Chinese analysis, references, and POCs where available.