4 matches found
CVE-2025-61776
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...
PT-2025-41166
Name of the Vulnerable Software and Affected Versions Dependency-Track versions prior to 4.13.5 Description Dependency-Track is a component analysis platform used for managing software supply chain risk. Versions prior to 4.13.5 may inadvertently transmit credentials intended for a private NuGet...
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages...