Nexus repository manager
This hub aggregates every CVE we track for Nexus repository manager, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
35
CVEs tracked
3
Critical
13
High
1
In CISA KEV
Severity distribution
MEDIUM19HIGH13CRITICAL3
Monthly trend
0
0
1
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Nexus repository manager.
- CVE-2024-5082Nexus Repository 2 - Remote Code Execution7.6
- CVE-2024-5083Nexus Repository 2 - Stored XSS5.4
- CVE-2024-5764Nexus Repository 3 - Static hard-coded encryption passphrase used by default6.5
- CVE-2024-4956Nexus Repository 3 - Path Traversal7.5
- CVE-2021-3827A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by send...6.8
- CVE-2022-27907Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.4.3
- CVE-2021-43961Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.4.3
- CVE-2021-23463XML External Entity (XXE) Injection8.1
- CVE-2020-10199Уязвимость менеджера репозиториев Sonatype Nexus Repository Manager, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код8.8
- CVE-2021-43293Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).4.3
- CVE-2021-42568Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.4.3
- CVE-2021-37152Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository...5.4
- CVE-2021-34553Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been gr...4.3
- CVE-2021-29159A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when...6.1
- CVE-2021-30635Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific d...5.3
Product normalization is registry-driven with AI assist and human review. How it works