Sonatype Nexus Repository ↗
Summary iPlain-English security verdict for Sonatype Nexus Repository, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Sonatype Nexus Repository currently scores 100/100 — healthy. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2020-10199) — staying on the latest supported version keeps you clear of it. The latest supported release is 3.93.0-06. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Sonatype Nexus Repository each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2020-10199 HIGH exploited CWE-917 EPSS 99% → fixed in 3.21.2See all 8 known Sonatype Nexus Repository CVEs & security history →
Get alerted about Sonatype Nexus Repository
Be emailed the moment Sonatype Nexus Repository gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.
We email only on real events for Sonatype Nexus Repository — no marketing, no sharing, and we never know what you run. Track your whole stack →
Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Sonatype Nexus Repository release line is supported — and when it sunsets. Select a line for its full report.
Full Sonatype Nexus Repository end-of-life dates & support timeline →
3.93 latest 3.93.0-06 Supported until 2027-12-043.93.0-06 → 3.92 latest 3.92.3-01 Supported until 2027-11-073.92.3-01 → 3.91 latest 3.91.1-04 Supported until 2027-10-073.91.1-04 → 3.90 latest 3.90.3-03 Supported until 2027-09-053.90.3-03 → 3.89 latest 3.89.1-02 Supported until 2027-08-033.89.1-02 → 3.88 latest 3.88.0-08 Supported until 2027-07-133.88.0-08 → 3.87 latest 3.87.2-01 Supported until 2027-06-023.87.2-01 → 3.86 latest 3.86.3-01 Supported until 2027-05-053.86.3-01 → 3.85 latest 3.85.1-01 Supported until 2027-04-073.85.1-01 → 3.84 latest 3.84.2-01 Supported until 2027-03-093.84.2-01 → See all upcoming end-of-life dates →Frequently asked
Is Sonatype Nexus Repository safe and patched?
Sonatype Nexus Repository currently scores 100/100 — healthy. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2020-10199) — staying on the latest supported version keeps you clear of it. The latest supported release is 3.93.0-06. It's on the latest patch with no significant known issues — keep it current.
What should I do about Sonatype Nexus Repository now?
Upgrade Sonatype Nexus Repository to the latest supported release (3.93.0-06) or later, which clears the actively-exploited issues affecting older versions, then confirm against Sonatype's official advisory.
When does Sonatype Nexus Repository reach end-of-life?
The latest supported Sonatype Nexus Repository release is 3.93.0-06. After end-of-life a release no longer receives security patches.
Which versions of Sonatype Nexus Repository are still receiving security updates?
Supported Sonatype Nexus Repository release lines (latest 3.93.0-06): 3.93, 3.92, 3.91, 3.90, 3.89, 3.88, 3.87, 3.86. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Sonatype's official advisory before you patch or upgrade — Sonatype Nexus Repository official site ↗