Product
Sonatype Nexus
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-70048
Affected versions: all versions
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-b

CVE-2025-70047
Affected versions: all versions
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.

CVE-2020-24622
Affected versions: >= 3.0.0 and < 3.27.0
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.

CVE-2020-11444
Affected versions: >= 3.0.0 and <= 3.21.2
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

CVE-2020-10204
Affected versions: < 3.21.2
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

CVE-2020-10203
Affected versions: < 3.21.2
Sonatype Nexus Repository before 3.21.2 allows XSS.

CVE-2020-10199
Affected versions: < 3.21.2
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

CVE-2014-9389
Affected versions: <= 2.11.0
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbit

CVE-2014-2034
Affected versions: all versions
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via

CVE-2014-0792
Affected versions: all versions
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspeci