apache
3,092 tracked vulnerabilities.
CVE-2023-39196
MEDIUM
Apache Ozone 1.2.0-1.3.0 - Unauthenticated Metadata Disclosure in Storage Container Manager
Feb 07, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-51437
HIGH
Apache Pulsar <2.11.3, 3.0.2, 3.1.1 - Code Injection
Feb 07, 2024
CVSS 7.4
EPSS 0.01
CVE-2023-44313
HIGH
Apache ServiceComb < 2.2.0 - Server-Side Request Forgery
Jan 31, 2024
CVSS 7.6
EPSS 0.03
CVE-2023-44312
MEDIUM
Apache ServiceComb Service-Center < 2.1.0 - Exposure of Sensitive Information
Jan 31, 2024
CVSS 5.8
EPSS 0.01
CVE-2023-29055
HIGH
Apache Kylin <4.0.3 - Info Disclosure
Jan 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51702
MEDIUM
Apache Airflow 2.3.0-2.6.0 Sensitive Information Exposure in Deferrable Mode
Jan 24, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50944
MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
Jan 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-50943
HIGH
Apache Airflow < 2.8.1 - Deserialization of Untrusted Data via XCom Poisoning
Jan 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-49657
CRITICAL
Apache Superset < 3.0.3 - Authenticated Stored Cross-Site Scripting in Chart or Dashboard
Jan 23, 2024
CVSS 9.6
EPSS 0.01
CVE-2023-46226
CRITICAL
Apache IoTDB 1.0.0-1.2.2 - Remote Code Execution
Jan 15, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-50290
MEDIUM
NUCLEI
Apache Solr 9.0.0-9.2.9 - Authenticated Exposure of Sensitive Information via Metrics API
Jan 15, 2024
CVSS 6.5
EPSS 0.69
CVE-2023-46749
MEDIUM
Apache Shiro <1.13.0, <2.0.0-alpha-4 - Path Traversal
Jan 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49619
LOW
Apache Answer <= 1.2.0 - Race Condition in Question Bookmarking
Jan 10, 2024
CVSS 3.1
EPSS 0.01
CVE-2023-51441
HIGH
Apache Axis <= 1.3 - Server-Side Request Forgery via Admin Service
Jan 06, 2024
CVSS 7.2
EPSS 0.01
CVE-2023-51785
HIGH
Apache InLong <1.10.0 - Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51784
CRITICAL
Apache InLong <1.10.0 - Code Injection
Jan 03, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-49299
HIGH
Apache DolphinScheduler <3.1.9 - XSS
Dec 30, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-47804
HIGH
Apache OpenOffice < 4.1.15 - Unauthenticated Arbitrary Script Execution via Macro Link Activation
Dec 29, 2023
CVSS 8.8
EPSS 0.03
CVE-2023-51467
CRITICAL
NUCLEI
Apache OFBiz XML-RPC Java Deserialization
Dec 26, 2023
CVSS 9.8
EPSS 0.96
CVE-2023-50968
HIGH
NUCLEI
Apache OFBiz < 18.12.11 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
Dec 26, 2023
CVSS 7.5
EPSS 0.63
CVE-2023-51650
HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
Dec 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-51387
HIGH
Hertzbeat <1.4.1 - Command Injection
Dec 22, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-51656
CRITICAL
Apache IoTDB <1.2.2 - Deserialization
Dec 21, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-50783
MEDIUM
Apache Airflow < 2.8.0 - Authenticated Unauthorized Variable Modification
Dec 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49920
MEDIUM
Apache Airflow 2.7.0-2.7.3 - Cross-Site Request Forgery via DAG Trigger GET Request
Dec 21, 2023
CVSS 6.5
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters