apache
2,899 tracked vulnerabilities.
CVE-2023-25956
HIGH
Apache Airflow AWS Provider < 7.2.1 - Sensitive Information Exposure via Error Message
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25696
CRITICAL
Apache Airflow Hive Provider < 5.1.3 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.04
CVE-2023-25693
CRITICAL
Apache Airflow Sqoop Provider < 3.1.1 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.04
CVE-2023-25692
HIGH
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25691
CRITICAL
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-25621
MEDIUM
Apache Sling i18n < 2.6.2 - Privilege Escalation via i18n Dictionary Manipulation
Feb 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-25613
CRITICAL
Apache Kerby LDAP Backend < 2.0.3 - LDAP Injection
Feb 20, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-24998
HIGH
Apache Commons FileUpload < 1.5 - Denial of Service via Unlimited Request Parts
Feb 20, 2023
CVSS 7.5
EPSS 0.37
CVE-2023-25141
HIGH
Apache Sling JCR Base < 3.1.12 - Remote Code Execution via JNDI and RMI in RepositoryAccessor
Feb 14, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-22832
HIGH
Apache NiFi 1.2.0-1.19.1 - XML External Entity Injection in ExtractCCDAAttributes Processor
Feb 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25194
HIGH
NUCLEI
Apache Kafka Connect 2.3.0-3.3.1 - Authenticated Remote Code Execution via SASL JAAS Config Deserialization
Feb 07, 2023
CVSS 8.8
EPSS 0.94
CVE-2023-22849
MEDIUM
Apache Sling CMS < 1.1.6 - Authenticated Reflected Cross-Site Scripting
Feb 04, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-24997
CRITICAL
Apache InLong 1.1.0-1.5.0 - Deserialization of Untrusted Data
Feb 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-24977
HIGH
Apache InLong 1.1.0-1.5.0 - Out-of-bounds Read
Feb 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-24829
HIGH
Apache IoTDB 0.13.0-0.13.2 - Incorrect Authorization in iotdb-web-workbench
Jan 31, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-24830
HIGH
Apache IoTDB 0.13.0-0.13.3 - Improper Authentication in iotdb-web-workbench
Jan 30, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-22884
CRITICAL
Apache Airflow < 2.5.1 and Apache Airflow MySQL Provider < 4.0.0 - Command Injection
Jan 21, 2023
CVSS 9.8
EPSS 0.76
CVE-2023-22602
HIGH
Apache Shiro < 1.11.0 - Authentication Bypass via Spring Boot Pattern Matching Conflict
Jan 14, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-31764
HIGH
Apache ShardingSphere ElasticJob-UI < 3.0.2 - RCE
Feb 06, 2025
CVSS 8.5
EPSS 0.00
CVE-2022-41137
HIGH
Apache Hive - Remote Code Execution
Dec 05, 2024
CVSS 8.3
EPSS 0.08
CVE-2022-47894
MEDIUM
Apache Zeppelin SAP 0.8.0-0.10.1 - Improper Input Validation
Apr 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2022-34321
HIGH
Apache Pulsar 2.6.0-2.10.5, 2.11.0-2.11.2, 3.0.0-3.0.1, 3.1.0 - Info Exposure & DoS via /proxy-stats
Mar 12, 2024
CVSS 8.2
EPSS 0.00
CVE-2022-39337
HIGH
Hertzbeat < 1.2.1 - Unauthenticated Permission Bypass
Dec 22, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-45135
CRITICAL
Apache Cocoon 2.2.0-2.2.9 - SQL Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-41678
HIGH
NUCLEI
Apache ActiveMQ Jolokia - Authenticated MBean Code Execution
Nov 28, 2023
CVSS 8.8
EPSS 0.93
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20