5 matches found

RedhatCVE
added 2025/10/08 8:19 p.m., 3 views

CVE-2025-61776

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

CVSS 4.7, AI score 6.9, EPSS 0.00036
Exploits: 0, References: 1

NVD
added 2025/10/07 7:15 p.m., 2 views

CVE-2025-61776

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

CVSS 4.7, EPSS 0.00036
Exploits: 0, References: 2

CVE
added 2025/10/07 6:57 p.m., 8 views

CVE-2025-61776

Dependency-Track prior to version 4.13.5 is affected by a credential leakage vulnerability where credentials intended for a private NuGet repository can be sent to api.nuget.org via the HTTP Authorization header, and names/versions of internal components can be disclosed to api.nuget.org. This sc...

CVSS 4.7, AI score 6.6, EPSS 0.00036
Exploits: 0, References: 2

CNNVD
added 2025/10/07 12:00 a.m., 1 view

Dependency-Track security vulnerability

Dependency-Track is Dependency-Track's open source suite of intelligent supply chain component analysis platforms for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.13.5, which stems from the possibility of sending private NuGet...

CVSS 4.7, AI score 6.6, EPSS 0.00036
Exploits: 0, References: 3

RedHat Linux
added 2022/06/15 8:24 a.m., 2 views

dotnet: NuGet Credential leak due to loss of control of third party symbol server domain

.NET and Visual Studio Information Disclosure Vulnerability...

CVSS 5.5, AI score 5.8, EPSS 0.00782
Exploits: 0, References: 6