Known Vulnerabilities for Nexus Repository by Sonatype
Listed below are 5 of the newest known vulnerabilities associated with "Nexus Repository" by "Sonatype".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-7308 json | An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to exe... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-5189 json | CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthent... | Not Provided | 2026-04-15 | 2026-04-16 |
| CVE-2026-3438 json | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows ... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-3199 json | A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authen... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-3048 json | An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 ... | Not Provided | 2026-05-11 | 2026-05-11 |