Vulmon
OWASP Dependency-Track vulnerabilities and exploits
4.4
CVSSv3
CVE-2022-39351
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependen...
OWASP Dependency-Track
5.4
CVSSv3
CVE-2019-1020007
Dependency-Track prior to 3.5.1 allows XSS.
OWASP Dependency-Track
8.8
CVSSv3
CVE-2021-21633
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and previous versions allows malicious users to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
Jenkins OWASP Dependency-Track
6.5
CVSSv3
CVE-2021-21632
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
Jenkins OWASP Dependency-Track
5.4
CVSSv3
CVE-2022-39350
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in m...
OWASP Dependency-Track Frontend