Known Vulnerabilities for products from Sonatype

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sonatype".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-5189 json Not Provided 2026-04-15 2026-04-15
CVE-2026-3438 json Not Provided 2026-04-08 2026-04-09
CVE-2026-3199 json Not Provided 2026-04-08 2026-04-09
CVE-2022-27907 json Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. 4.3 - MEDIUM 2022-03-30 2022-04-07
CVE-2021-43961 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 4.3 - MEDIUM 2022-03-17 2022-07-12
CVE-2021-43293 json Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enu... 4.3 - MEDIUM 2021-11-04 2021-11-05
CVE-2021-42568 json Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a l... 4.3 - MEDIUM 2021-11-02 2022-06-28
CVE-2021-40143 json Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request,... 8.2 - HIGH 2021-09-07 2021-09-14
CVE-2021-37152 json Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to... 5.4 - MEDIUM 2021-08-10 2021-08-16
CVE-2021-34553 json Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and re... 4.3 - MEDIUM 2021-06-18 2021-06-22
CVE-2021-30635 json Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exis... 5.3 - MEDIUM 2021-04-27 2021-05-04
CVE-2021-29159 json A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker wit... 6.1 - MEDIUM 2021-04-28 2021-05-05
CVE-2021-29158 json Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. 4.9 - MEDIUM 2021-04-23 2021-05-05
CVE-2020-29436 json Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain acces... 6.5 - MEDIUM 2020-12-17 2020-12-18
CVE-2020-24622 json In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. 4.9 - MEDIUM 2020-08-25 2022-04-28
CVE-2020-15871 json Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. 8.8 - HIGH 2020-07-31 2021-07-21
CVE-2020-15870 json Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). 6.1 - MEDIUM 2020-07-31 2020-08-11
CVE-2020-15869 json Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). 5.4 - MEDIUM 2020-07-31 2020-08-11
CVE-2020-15868 json Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. 7.5 - HIGH 2020-08-12 2021-07-21
CVE-2020-15012 json A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a cr... 8.6 - HIGH 2020-10-12 2020-10-21
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Sonatype

Type Vendor Product Version
ApplicationSonatypeNexus2.0.4
ApplicationSonatypeNexus Iq Server1.12
ApplicationSonatypeNexus Repository Manager2.0
ApplicationSonatypeNexus Repository Manager 22.0
ApplicationSonatypeNexus Repository Manager 33.0.0