Sonatype CVE Feed

CVE-2022-45868 - H2 - Plaintext Password

CVE-2024-6060 - Phloc Webscopes - Sensitive Information Disclosure via Logs

CVE-2025-1716 - picklescan - Security scanning bypass via 'pip main'

CVE-2025-1889 - picklescan - Security scanning bypass via non-standard file extensions

CVE-2025-1944 - picklescan - ZIP archive manipulation attack causing crash

CVE-2025-1945 - picklescan - bypass malicious pickle detection inside PyTorch models via ZIP file flag bits

Page updated

Report abuse