OWASP Dependency Track


By the Year

In 2024 there have been 0 vulnerabilities in OWASP Dependency Track. Dependency Track did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 4.40
2021 0 0.00
2020 0 0.00
2019 1 5.40
2018 0 0.00

It may take a day or so for new Dependency Track vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OWASP Dependency Track Security Vulnerabilities

Dependency-Track before 4.6.0

CVE-2022-39351 4.4 - Medium - October 25, 2022

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior, and re-generating API keys in case of leakage.

Cleartext Storage of Sensitive Information
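As an added example (not Dependency-Track's own code), the Python script below does the two things the advisory asks of an operator: it scans historic log lines for API keys that were written in clear text, so the affected keys can be re-generated, and it shows the "last 4 characters only" masking that 4.6.0 applies. The key values, the key length heuristic and the exact audit-log line format are constructed for this example and are not taken from Dependency-Track.

```python
# Added example (not Dependency-Track code): scan historic logs for API keys
# that were written in clear text (CVE-2022-39351, fixed in 4.6.0) and show
# the "last 4 characters only" masking the fix describes.
import re

# Constructed sample keys; the real key format and the exact audit-log line
# format are assumptions for this example, not taken from Dependency-Track.
KEY_A = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6"
KEY_B = "zZyYxXwWvVuUtTsSrRqQpPoOnNmMlLkK"
KNOWN_KEYS = {KEY_A, KEY_B}

# Constructed audit-log excerpt. Lines 1 and 4 imitate the pre-4.6.0 behaviour
# (full key logged on a permission failure); line 2 imitates an already
# masked key; line 3 carries no key at all.
SAMPLE_LOG = [
    "2022-10-20 10:01:02 WARN  Unauthorized request: API key "
    + KEY_A + " lacks permission BOM_UPLOAD",
    "2022-10-20 10:01:09 WARN  Unauthorized request: API key "
    + "*" * 28 + "O5p6 lacks permission BOM_UPLOAD",
    "2022-10-20 10:02:44 INFO  Authentication successful for team Ops",
    "2022-10-21 08:15:00 WARN  Unauthorized request: API key "
    + KEY_B + " lacks permission VIEW_PORTFOLIO",
]


def mask_api_key(key: str, visible: int = 4) -> str:
    """Keep only the last `visible` characters, as the 4.6.0 fix does.

    Keys no longer than `visible` are masked completely rather than exposed.
    """
    if len(key) <= visible:
        return "*" * len(key)
    return "*" * (len(key) - visible) + key[-visible:]


def find_leaked_keys(log_lines, known_keys):
    """Map each known key to the 1-based line numbers where it appears verbatim.

    Use this when you have the key inventory and want to know exactly which
    keys must be rotated.
    """
    hits = {}
    for lineno, line in enumerate(log_lines, start=1):
        for key in known_keys:
            if key in line:
                hits.setdefault(key, []).append(lineno)
    return hits


# Heuristic for when no key inventory is available: a run of 32 or more
# alphanumeric characters right after the words "API key". The 32-character
# minimum is an assumption made for this example.
KEY_LIKE = re.compile(r"API key\s+([A-Za-z0-9]{32,})")


def find_key_like_tokens(log_lines):
    """Return (line number, token) pairs for tokens that look like unmasked keys."""
    return [(n, m.group(1)) for n, line in enumerate(log_lines, start=1)
            if (m := KEY_LIKE.search(line))]


def redact_line(line, known_keys):
    """Replace each known key in a retained log line with its masked form."""
    for key in known_keys:
        line = line.replace(key, mask_api_key(key))
    return line


if __name__ == "__main__":
    for key, lines in find_leaked_keys(SAMPLE_LOG, KNOWN_KEYS).items():
        print(f"rotate key ending in {key[-4:]}: leaked on lines {lines}")
    for n, tok in find_key_like_tokens(SAMPLE_LOG):
        print(f"line {n}: unmasked key-like token {mask_api_key(tok)}")
```

Run it against an export of your real logs (one line per list entry) with `KNOWN_KEYS` filled from your own key inventory; any key reported by `find_leaked_keys` should be re-generated, and `redact_line` can be used to scrub copies of the logs that must be retained.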

Dependency-Track before 3.5.1

CVE-2019-1020007 5.4 - Medium - July 29, 2019

Dependency-Track before 3.5.1 allows XSS.

XSS
