Known Vulnerabilities for products from Sonatype
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Sonatype".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-10748 json | Not Provided | 2026-06-16 | 2026-06-16 | |
| CVE-2026-10741 json | Not Provided | 2026-06-17 | 2026-06-17 | |
| CVE-2026-7308 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2026-5189 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-3438 json | Not Provided | 2026-04-08 | 2026-04-09 | |
| CVE-2026-3329 json | Not Provided | 2026-06-11 | 2026-06-11 | |
| CVE-2026-3199 json | Not Provided | 2026-04-08 | 2026-04-09 | |
| CVE-2026-3048 json | Not Provided | 2026-05-11 | 2026-05-11 | |
| CVE-2022-27907 json | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. | 4.3 - MEDIUM | 2022-03-30 | 2022-04-07 |
| CVE-2021-43961 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.3 - MEDIUM | 2022-03-17 | 2022-07-12 |
| CVE-2021-43293 json | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enu... | 4.3 - MEDIUM | 2021-11-04 | 2021-11-05 |
| CVE-2021-42568 json | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a l... | 4.3 - MEDIUM | 2021-11-02 | 2022-06-28 |
| CVE-2021-40143 json | Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request,... | 8.2 - HIGH | 2021-09-07 | 2021-09-14 |
| CVE-2021-37152 json | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to... | 5.4 - MEDIUM | 2021-08-10 | 2021-08-16 |
| CVE-2021-34553 json | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and re... | 4.3 - MEDIUM | 2021-06-18 | 2021-06-22 |
| CVE-2021-30635 json | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exis... | 5.3 - MEDIUM | 2021-04-27 | 2021-05-04 |
| CVE-2021-29159 json | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker wit... | 6.1 - MEDIUM | 2021-04-28 | 2021-05-05 |
| CVE-2021-29158 json | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. | 4.9 - MEDIUM | 2021-04-23 | 2021-05-05 |
| CVE-2020-29436 json | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain acces... | 6.5 - MEDIUM | 2020-12-17 | 2020-12-18 |
| CVE-2020-24622 json | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. | 4.9 - MEDIUM | 2020-08-25 | 2022-04-28 |
Known software with vulnerabilities from Sonatype
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sonatype | Nexus | 2.0.4 |
| Application | Sonatype | Nexus Iq Server | 1.12 |
| Application | Sonatype | Nexus Repository Manager | 2.0 |
| Application | Sonatype | Nexus Repository Manager 2 | 2.0 |
| Application | Sonatype | Nexus Repository Manager 3 | 3.0.0 |