Sonatype Nexus
By the Year
In 2026 there have been 0 vulnerabilities in Sonatype Nexus. Nexus did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 6.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 5 | 6.43 |
| 2019 | 1 | 9.80 |
It may take a day or so for new Nexus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Sonatype Nexus Security Vulnerabilities
Hard-Coded Credentials in Sonatype Nexus Repository 3.0.0-3.72.0
CVE-2024-5764
6.5 - Medium - October 23, 2024
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). The affected versions relied on a static hard-coded encryption passphrase. While it was possible for an administrator to define an alternate encryption passphrase, it could only be done at first boot and not updated. This issue affects Nexus Repository: from 3.0.0 through 3.72.0.
Use of Hard-coded Credentials
In Sonatype Nexus Repository 3.26.1, an S3 secret key
CVE-2020-24622
4.9 - Medium - August 25, 2020
In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.
Insufficiently Protected Credentials
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
CVE-2020-11444
April 02, 2020
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
Sonatype Nexus Repository before 3.21.2
CVE-2020-10199
8.8 - High - April 01, 2020
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
EL Injection
Sonatype Nexus Repository before 3.21.2
CVE-2020-10203
4.8 - Medium - April 01, 2020
Sonatype Nexus Repository before 3.21.2 allows XSS.
XSS
Sonatype Nexus Repository before 3.21.2
CVE-2020-10204
7.2 - High - April 01, 2020
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
Improper Input Validation
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2019-7238
9.8 - Critical - March 21, 2019
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.