Security Advisories
Important advisories of known security vulnerabilities in Sonatype products.
- CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) - 2026-05-11
- CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling - 2026-05-11
- CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component - 2026-04-15
- CVE-2026-3199 Nexus Repository 3 - Authenticated Remote Code Execution - 2026-04-08
- CVE-2026-3438 Nexus Repository 3 - Reflected Cross-Site Scripting (XSS) - 2026-04-08
- CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting - 2026-01-13
- CVE-2026-0600 Nexus Repository 3 - Server-Side Request Forgery - 2026-01-13
- CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) - 2025-12-04
- CVE-2025-9868 Nexus Repository 2 – SSRF Vulnerability in Remote Browser Plugin
- CVE-2024-5764 - Nexus Repository Manager 3 - Static hard-coded encryption passphrase used by default - 2024-10-17
- CVE-2024-5082 Nexus Repository 2 - Remote Code Execution
- CVE-2024-5083 Nexus Repository 2 - Stored XSS Vulnerability
- CVE-2024-4956 Nexus Repository 3 - Path Traversal - 2024-05-16
- Mitigations for CVE-2024-4956 Nexus Repository 3 Vulnerability
- CVE-2024-1142 Sonatype IQ Server Path Traversal - 2024-03-06
- CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
- CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
- CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
- CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05
- CVE-2021-34553 Nexus Repository 3 - Directory Traversal - 2021-06-17
- CVE-2021-30635 Nexus Repository Manager 3 - Directory Traversal - 2021-04-22
- CVE-2021-29158 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2021-04-22
- CVE-2021-29159 Nexus Repository Manager 3 - Cross Site Scripting XSS
- CVE-2020-13933 Nexus Repository 2 & 3 - Shiro Authentication Bypass - 2020-10-15
- CVE-2020-24622 Nexus Repository 3 - Sensitive Information Disclosure - 2020-09-15
- CVE-2020-15870 Nexus Repository 3 - Reflection XSS - 2020-07-29
- CVE-2020-15869 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29
- CVE-2020-15012 Nexus Repository 2 - Directory Traversal - 2020-10-08
- CVE-2020-11753 Nexus Repository 3 - Improper Access Controls - 2020-04-16
- CVE-2020-11444 Nexus Repository Manager 3 - Improper Access Controls - 2020-04-02