Reports in central security project program: S.No Title Bounty 1 c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration $0.0 2 Pippo XML Entity Expansion (Billion Laughs Attack) $0.0 3 OS Command Injection in Nexus Repository Manager 2.x $0.0 4 OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475) $0.0 5 Unrestricted File Upload Leading to Remote Code Execution $0.0 6 OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manage 2.14.15-01 Command Injection fix $0.0 7 Unsafe deserialization in Nexus Repository helm plugin $0.0 8 Repositories of datanucleus are fetched over insecure protocol (http insted of https) $0.0