CVE-2025-61776 Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to api.nuget.org via the HTTP Authorization header, and may...

PT-2025-41166

Name of the Vulnerable Software and Affected Versions Dependency-Track versions prior to 4.13.5 Description Dependency-Track is a component analysis platform used for managing software supply chain risk. Versions prior to 4.13.5 may inadvertently transmit credentials intended for a private NuGet...