CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

CVE-2025-64758 @dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

EUVD-2022-7072

Malicious code in bioql PyPI...

PT-2022-24919 · Unknown +1 · @Dependencytrack/Frontend +1

Name of the Vulnerable Software and Affected Versions: @dependencytrack/frontend versions prior to 4.6.1 Description: The Dependency-Track frontend is a Single Page Application SPA that renders vulnerability details using the JavaScript library Showdown. Since Showdown does not have any XSS...

CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...