apache
3,092 tracked vulnerabilities.
CVE-2023-49145
HIGH
Apache NiFi 0.7.0-1.23.2 - Authenticated DOM-Based Cross-Site Scripting in JoltTransformJSON Processor
Nov 27, 2023
CVSS 7.9
EPSS 0.01
CVE-2023-43701
MEDIUM
Apache Superset <2.1.2 - Code Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42501
MEDIUM
Apache Superset < 2.1.2 - Authenticated Unnecessary Read Permissions in Gamma Role
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-40610
MEDIUM
Apache Superset <2.1.2 - Privilege Escalation
Nov 27, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-49068
HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Nov 27, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-48796
HIGH
Apache DolphinScheduler - Info Disclosure
Nov 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43123
MEDIUM
Apache Storm 2.0.0-2.5.9 - Information Exposure via Insecure Temporary File Permissions
Nov 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-37924
CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
Nov 22, 2023
CVSS 9.8
EPSS 0.07
CVE-2023-46302
CRITICAL
Apache Submarine - YAML Deserialization
Nov 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-26031
HIGH
Apache Hadoop <3.3.4 - Privilege Escalation
Nov 16, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-47037
MEDIUM
Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission
Nov 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42781
MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
Nov 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-47248
CRITICAL
NUCLEI
PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
Nov 09, 2023
CVSS 9.8
EPSS 0.14
CVE-2023-39913
HIGH
Apache UIMA Java SDK < 3.5.0 - Remote Code Execution via Untrusted Java Deserialization
Nov 08, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-46819
MEDIUM
Apache OFBiz <18.12.09 - Info Disclosure
Nov 07, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-46851
MEDIUM
Apache Allura <1.16.0 - Info Disclosure
Nov 07, 2023
CVSS 4.9
EPSS 0.02
CVE-2023-46215
HIGH
Apache Airflow <2.6.3, <3.4.0 - Info Disclosure
Oct 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-46604
CRITICAL
KEVNUCLEI
Java OpenWire - Deserialization RCE
Oct 27, 2023
CVSS 10.0
EPSS 1.00
CVE-2023-46288
MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
Oct 23, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-45802
MEDIUM
Apache HTTP Server 2.4.17-2.4.57 - Denial of Service via HTTP/2 Stream Reset
Oct 23, 2023
CVSS 5.9
EPSS 0.03
CVE-2023-43622
HIGH
Apache HTTP Server 2.4.55-2.4.57 - Denial of Service via HTTP/2 Zero Window Size
Oct 23, 2023
CVSS 7.5
EPSS 0.71
CVE-2023-31122
HIGH
Apache HTTP Server <2.4.57 - Buffer Overflow
Oct 23, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-44483
MEDIUM
Apache Santuario XML Security for Java < 2.2.6, 2.3.0-2.3.4 - Private Key Disclosure in Log Files
Oct 20, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46227
HIGH
Apache InLong <1.8.0 - Use After Free
Oct 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25753
MEDIUM
Apache ShenYu 2.5.1 - Server-Side Request Forgery via /sandbox/proxyGateway requestUrl Parameter
Oct 19, 2023
CVSS 6.5
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters