144 matches found
GHSA-6FHJ-VR9J-G45R vulnerabilities
Vulnerabilities for packages: dependency-track...
GHSA-6FHJ-VR9J-G45R vulnerabilities
Vulnerabilities for packages: dependency-track...
CVE-2025-64518 vulnerabilities
Vulnerabilities for packages: dependency-track...
CVE-2025-61776
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776
Dependency-Track prior to version 4.13.5 is affected by a credential leakage vulnerability where credentials intended for a private NuGet repository can be sent to api.nuget.org via the HTTP Authorization header, and names/versions of internal components can be disclosed to api.nuget.org. This sc...
EUVD-2025-32901
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
EUVD-2019-2055
Malware in sbrugna...
Dependency-Track 安全漏洞
Dependency-Track is Dependency-Track's open source suite of intelligent supply chain component analysis platforms for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.13.5, which stems from the possibility of sending private NuGet...
PT-2025-41166
Name of the Vulnerable Software and Affected Versions Dependency-Track versions prior to 4.13.5 Description Dependency-Track is a component analysis platform used for managing software supply chain risk. Versions prior to 4.13.5 may inadvertently transmit credentials intended for a private NuGet...
EUVD-2022-41821
Malicious code in bioql PyPI...
EUVD-2025-5076
Malicious code in bioql PyPI...
EUVD-2022-5312
Malicious code in bioql PyPI...
EUVD-2022-7072
Malicious code in bioql PyPI...
CVE-2025-7962 vulnerabilities
Vulnerabilities for packages: apicurio-registry, dependency-track, keycloak-config-cli, thingsboard, keycloak, apache-nifi, jenkins, wildfly...
GHSA-9342-92GG-6V29 vulnerabilities
Vulnerabilities for packages: apicurio-registry, dependency-track, keycloak-config-cli, thingsboard, keycloak, apache-nifi, jenkins, wildfly...
GHSA-9342-92GG-6V29 vulnerabilities
Vulnerabilities for packages: dependency-track, geoserver, thingsboard, elasticsearch-fips, keycloak-config-cli, elasticsearch, apache-nifi, apicurio-registry, keycloak-fips, keycloak, jenkins, wildfly...
CVE-2025-7962 vulnerabilities
Vulnerabilities for packages: dependency-track, geoserver, thingsboard, elasticsearch-fips, keycloak-config-cli, elasticsearch, apache-nifi, apicurio-registry, keycloak-fips, keycloak, jenkins, wildfly...