Dependency-track@* Security Vulnerabilities and Issues — Dependency-track@* CVE List

Lucene search

OwaspDependency-track*

2 matches found

CVE•added 2022/10/25 5:15 p.m.•63 views

CVE-2022-39351

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit lo...

4.4CVSS4.8AI score0.00016EPSS

CVE•added 2019/07/29 3:15 p.m.•32 views

CVE-2019-1020007

Dependency-Track before 3.5.1 allows XSS.

5.4CVSS5.5AI score0.00206EPSS