All 5 CVE vulnerabilities found in Dependency-Track, with AI-generated Chinese analysis, references, and POCs.
Vendor: Dependency-Track
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-61776 | Dependency-Track possibly discloses private NuGet repository credentials to api.nuget.org (CWE-522) | 4.7 | Medium | 2025-10-07 |
| CVE-2025-27137 | Dependency-Track vulnerable to local file inclusion via custom notification templates (CWE-73) | 4.4 | Medium | 2025-02-24 |
| CVE-2024-54002 | Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint (CWE-203) | 5.3 | Medium | 2024-12-04 |
| CVE-2022-39351 | Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions (CWE-312) | 4.4 | Medium | 2022-10-25 |
| CVE-2019-1020007 | Dependency-Track cross-site scripting vulnerability | 5.4 | - | 2019-07-29 |