apache

3,092 tracked vulnerabilities.

CVE-2023-39196 MEDIUM
Apache Ozone 1.2.0-1.3.0 - Unauthenticated Metadata Disclosure in Storage Container Manager
Feb 07, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-51437 HIGH
Apache Pulsar <2.11.3, 3.0.2, 3.1.1 - Code Injection
Feb 07, 2024
CVSS 7.4
EPSS 0.01
CVE-2023-44313 HIGH
Apache ServiceComb < 2.2.0 - Server-Side Request Forgery
Jan 31, 2024
CVSS 7.6
EPSS 0.03
CVE-2023-44312 MEDIUM
Apache ServiceComb Service-Center < 2.1.0 - Exposure of Sensitive Information
Jan 31, 2024
CVSS 5.8
EPSS 0.01
CVE-2023-29055 HIGH
Apache Kylin <4.0.3 - Info Disclosure
Jan 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51702 MEDIUM
Apache Airflow 2.3.0-2.6.0 Sensitive Information Exposure in Deferrable Mode
Jan 24, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50944 MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
Jan 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-50943 HIGH
Apache Airflow < 2.8.1 - Deserialization of Untrusted Data via XCom Poisoning
Jan 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-49657 CRITICAL
Apache Superset < 3.0.3 - Authenticated Stored Cross-Site Scripting in Chart or Dashboard
Jan 23, 2024
CVSS 9.6
EPSS 0.01
CVE-2023-46226 CRITICAL
Apache IoTDB 1.0.0-1.2.2 - Remote Code Execution
Jan 15, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-50290 MEDIUM NUCLEI
Apache Solr 9.0.0-9.2.9 - Authenticated Exposure of Sensitive Information via Metrics API
Jan 15, 2024
CVSS 6.5
EPSS 0.69
CVE-2023-46749 MEDIUM
Apache Shiro <1.13.0, <2.0.0-alpha-4 - Path Traversal
Jan 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49619 LOW
Apache Answer <= 1.2.0 - Race Condition in Question Bookmarking
Jan 10, 2024
CVSS 3.1
EPSS 0.01
CVE-2023-51441 HIGH
Apache Axis <= 1.3 - Server-Side Request Forgery via Admin Service
Jan 06, 2024
CVSS 7.2
EPSS 0.01
CVE-2023-51785 HIGH
Apache InLong <1.10.0 - Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51784 CRITICAL
Apache InLong <1.10.0 - Code Injection
Jan 03, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-49299 HIGH
Apache DolphinScheduler <3.1.9 - XSS
Dec 30, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-47804 HIGH
Apache OpenOffice < 4.1.15 - Unauthenticated Arbitrary Script Execution via Macro Link Activation
Dec 29, 2023
CVSS 8.8
EPSS 0.03
CVE-2023-51467 CRITICAL NUCLEI
Apache OFBiz XML-RPC Java Deserialization
Dec 26, 2023
CVSS 9.8
EPSS 0.96
CVE-2023-50968 HIGH NUCLEI
Apache OFBiz < 18.12.11 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
Dec 26, 2023
CVSS 7.5
EPSS 0.63
CVE-2023-51650 HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
Dec 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-51387 HIGH
Hertzbeat <1.4.1 - Command Injection
Dec 22, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-51656 CRITICAL
Apache IoTDB <1.2.2 - Deserialization
Dec 21, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-50783 MEDIUM
Apache Airflow < 2.8.0 - Authenticated Unauthorized Variable Modification
Dec 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49920 MEDIUM
Apache Airflow 2.7.0-2.7.3 - Cross-Site Request Forgery via DAG Trigger GET Request
Dec 21, 2023
CVSS 6.5
EPSS 0.01