Security Advisories
Important advisories of known security vulnerabilities in Sonatype products.
- CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
- CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
- CVE-2021-43293 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2021-10-27
- CVE-2021-42568 Nexus Repository 3 - Incorrect Access Control - 2021-10-27
- CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
- CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05
- CVE-2021-34553 Nexus Repository 3 - Directory Traversal - 2021-06-17
- CVE-2021-30635 Nexus Repository Manager 3 - Directory Traversal - 2021-04-22
- CVE-2021-29158 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2021-04-22
- CVE-2021-29159 Nexus Repository Manager 3 - Cross Site Scripting XSS
- CVE-2020-29436 Nexus Repository 3 and IQ Server - XML External Entities injection - 2020-12-15
- CVE-2020-13933 Nexus Repository 2 & 3 - Shiro Authentication Bypass - 2020-10-15
- CVE-2020-24622 Nexus Repository 3 - Sensitive Information Disclosure - 2020-09-15
- CVE-2020-15868 Nexus Repository 3 - Access Controls Bypass - 2020-08-11
- CVE-2020-15871 Nexus Repository 3 - Remote Code Execution - 2020-07-29
- CVE-2020-15870 Nexus Repository 3 - Reflection XSS - 2020-07-29
- CVE-2020-15869 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29
- CVE-2020-15012 Nexus Repository 2 - Directory Traversal - 2020-10-08
- CVE-2020-11753 Nexus Repository 3 - Improper Access Controls - 2020-04-16
- CVE-2020-11444 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-02
- CVE-2020-11415 Nexus Repository 2 & 3 - Sensitive Information Disclosure - 2020-04-16
- CVE-2020-10203 Nexus Repository 3 - Cross Site Scripting XSS - 2020-03-31
- CVE-2020-10204 Nexus Repository 3 - Remote Code Execution - 2020-03-31
- CVE-2020-10199 Nexus Repository 3 - Remote Code Execution - 2020-03-31
- CVE-2019-16530 Nexus Repository 2 & 3, and IQ Server - Remote Code Execution - 2019-09-19
- CVE-2019-15893 Nexus Repository 2 - Remote Code Execution - 2019-09-03
- CVE-2019-5475 & sonatype-2019-0429 (CVE-2019-15588) Nexus Repository 2 - OS Command Injection - 2019-08-09
- CVE-2019-14469 Nexus Repository 3 - Cross Site Scripting XSS - 2019-07-26
- CVE-2019-11629 Nexus Repository 2 - Cross Site Scripting XSS - 2019-05-02
- CVE-2019-7238 Nexus Repository 3 - Missing Access Controls and Remote Code Execution - 2019-02-05