apache

3,092 tracked vulnerabilities.

CVE-2023-49145 HIGH
Apache NiFi 0.7.0-1.23.2 - Authenticated DOM-Based Cross-Site Scripting in JoltTransformJSON Processor
Nov 27, 2023
CVSS 7.9
EPSS 0.01
CVE-2023-43701 MEDIUM
Apache Superset <2.1.2 - Code Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42501 MEDIUM
Apache Superset < 2.1.2 - Authenticated Unnecessary Read Permissions in Gamma Role
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-40610 MEDIUM
Apache Superset <2.1.2 - Privilege Escalation
Nov 27, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-49068 HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Nov 27, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-48796 HIGH
Apache DolphinScheduler - Info Disclosure
Nov 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43123 MEDIUM
Apache Storm 2.0.0-2.5.9 - Information Exposure via Insecure Temporary File Permissions
Nov 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-37924 CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
Nov 22, 2023
CVSS 9.8
EPSS 0.07
CVE-2023-46302 CRITICAL
Apache Submarine - YAML Deserialization
Nov 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-26031 HIGH
Apache Hadoop <3.3.4 - Privilege Escalation
Nov 16, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-47037 MEDIUM
Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission
Nov 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42781 MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
Nov 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-47248 CRITICAL NUCLEI
PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
Nov 09, 2023
CVSS 9.8
EPSS 0.14
CVE-2023-39913 HIGH
Apache UIMA Java SDK < 3.5.0 - Remote Code Execution via Untrusted Java Deserialization
Nov 08, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-46819 MEDIUM
Apache OFBiz <18.12.09 - Info Disclosure
Nov 07, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-46851 MEDIUM
Apache Allura <1.16.0 - Info Disclosure
Nov 07, 2023
CVSS 4.9
EPSS 0.02
CVE-2023-46215 HIGH
Apache Airflow <2.6.3, <3.4.0 - Info Disclosure
Oct 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-46604 CRITICAL KEVNUCLEI
Java OpenWire - Deserialization RCE
Oct 27, 2023
CVSS 10.0
EPSS 1.00
CVE-2023-46288 MEDIUM
Apache Airflow <2.7.0 - Info Disclosure
Oct 23, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-45802 MEDIUM
Apache HTTP Server 2.4.17-2.4.57 - Denial of Service via HTTP/2 Stream Reset
Oct 23, 2023
CVSS 5.9
EPSS 0.03
CVE-2023-43622 HIGH
Apache HTTP Server 2.4.55-2.4.57 - Denial of Service via HTTP/2 Zero Window Size
Oct 23, 2023
CVSS 7.5
EPSS 0.71
CVE-2023-31122 HIGH
Apache HTTP Server <2.4.57 - Buffer Overflow
Oct 23, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-44483 MEDIUM
Apache Santuario XML Security for Java < 2.2.6, 2.3.0-2.3.4 - Private Key Disclosure in Log Files
Oct 20, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46227 HIGH
Apache InLong <1.8.0 - Use After Free
Oct 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25753 MEDIUM
Apache ShenYu 2.5.1 - Server-Side Request Forgery via /sandbox/proxyGateway requestUrl Parameter
Oct 19, 2023
CVSS 6.5
EPSS 0.01