Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Sonatype — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting Sonatype. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sonatype specializes in software supply chain security, focusing on identifying and mitigating vulnerabilities in open-source components. Historically, their products have been associated with common vulnerability classes such as remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. The company maintains a database of 12 CVEs, primarily related to component dependencies and security scanning tools. While no major security incidents have been publicly documented, Sonatype's core offerings emphasize proactive vulnerability detection and management within development environments, helping organizations reduce risks associated with third-party software integration.

Top products by Sonatype: Nexus Repository IQ Server
CVE IDTitleCVSSSeverityPublished
CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component — Nexus RepositoryCWE-798 9.8 -2026-04-15
CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection — Nexus RepositoryCWE-502 7.2AIHighAI2026-04-08
CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) in ?describe Pages — Nexus RepositoryCWE-79 6.1AIMediumAI2026-04-08
CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration — Nexus RepositoryCWE-918 4.9AIMediumAI2026-01-14
CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting — Nexus RepositoryCWE-79 6.1AIMediumAI2026-01-14
CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) — Nexus RepositoryCWE-79 4.8AIMediumAI2025-12-04
CVE-2025-9868 Nexus Repository 2 - SSRF Vulnerability in Remote Browser Plugin — Nexus RepositoryCWE-918 7.5AIHighAI2025-10-08
CVE-2024-5082 Nexus Repository 2 - Remote Code Execution — Nexus RepositoryCWE-94 7.2 -2024-11-14
CVE-2024-5083 Nexus Repository 2 - Stored XSS — Nexus RepositoryCWE-79 4.8 -2024-11-14
CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default — Nexus RepositoryCWE-798 7.2AIHighAI2024-10-23
CVE-2024-4956 Nexus Repository 3 - Path Traversal — Nexus RepositoryCWE-22 7.5 High2024-05-16
CVE-2024-1142 Sonatype IQ Server - Path Traversal — IQ ServerCWE-22 5.4 Medium2024-03-06

This page lists every published CVE security advisory associated with Sonatype. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.