- What is the Sonatype CNA?
- Sonatype is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 16 CVE records since 2024.
- How many CVEs has Sonatype published?
- Sonatype has published 16 CVE records, including 16 in the last two years.
- What is Sonatype's CVE data quality grade?
- RadicalNotion.AI grades Sonatype's CVE data quality as A, with an overall completeness score of 96.9%. This reflects how consistently its CVE records include vendor (93.8%), product (93.8%), CVSS (100%), and CWE (100%) information.
- What products does Sonatype publish CVEs for?
- Sonatype most frequently publishes CVEs for Nexus Repository, Nexus Repository Manager, picklescan, Nexus Repository 3, Nexus Repository 2.x.
- Which vendors does Sonatype cover?
- Sonatype publishes CVEs across 5 distinct vendors, most often Sonatype, PyPI, mmaitre314, yawkat, phlocbg.
- Is Sonatype actively publishing CVEs?
- Sonatype is currently active, based on 16 CVEs in the last two years.
- What is the average severity of Sonatype's CVEs?
- The average CVSS base score across Sonatype's scored CVEs is 6.5.
- How many critical CVEs has Sonatype published?
- Sonatype has published 4 critical-severity CVEs and 8 high-severity CVEs.
- Are any of Sonatype's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of Sonatype's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in Sonatype's CVEs?
- Sonatype's CVEs most often map to these CWE weakness types: CWE-918 (Server-Side Request Forgery (SSRF)), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-798 (Use of Hard-coded Credentials), CWE-502 (Deserialization of Untrusted Data).
- How does Sonatype rank among CNAs?
- By total CVE volume, Sonatype ranks #268 of 370 CNAs, and it reports more complete CVE records than 46% of all CNAs.