apache
3,092 tracked vulnerabilities.
CVE-2023-34434
HIGH
Apache InLong 1.4.0-1.7.0 - Arbitrary File Read via Deserialization Bypass
Jul 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34189
MEDIUM
Apache InLong <1.7.0 - Privilege Escalation
Jul 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34478
CRITICAL
Apache Shiro < 1.12.0 - Path Traversal and Authentication Bypass via Non-Normalized Request Routing
Jul 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-28754
HIGH
Apache ShardingSphere-Agent - Code Injection
Jul 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-26512
CRITICAL
Apache EventMesh <1.8.0 - Code Injection
Jul 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-37415
HIGH
Apache Airflow Apache Hive Provider < 6.1.2 - OS Command Injection via Proxy User Option
Jul 13, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-37582
CRITICAL
NUCLEI
Apache RocketMQ - Remote Command Execution
Jul 12, 2023
CVSS 9.8
EPSS 0.90
CVE-2023-37579
HIGH
Apache Pulsar < 2.10.4 and 2.11.0 - Authenticated Credential Leak via Function Worker Source/Sink Configuration
Jul 12, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-36543
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via Inefficient Regular Expression
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-35908
MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-31007
NONE
Apache Pulsar <= 2.9.4, 2.10.0-2.10.3, 2.11.0 - Improper Authentication via Expired Auth Data Bypass
Jul 12, 2023
EPSS 0.01
CVE-2023-30429
CRITICAL
Apache Pulsar < 2.10.4 and 2.11.0 - Incorrect Authorization via Pulsar Function Worker
Jul 12, 2023
CVSS 9.6
EPSS 0.01
CVE-2023-30428
HIGH
Apache Pulsar 2.9.0-2.9.5, 2.10.0-2.10.3, 2.11.0 - Incorrect Authorization via Rest Producer
Jul 12, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-22888
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22887
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-32200
HIGH
Apache Jena 3.7.0-4.8.0 - Remote Code Execution via SPARQL Query
Jul 12, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-35887
MEDIUM
Apache MINA SSHD < 2.9.3 - Path Traversal via Parent Navigation
Jul 10, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-34442
LOW
Apache Camel 3.0.0-3.14.8 3.18.0-3.18.7 3.20.0-3.20.5 4.0.0-M3 - Exposure of Sensitive Information
Jul 10, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-33008
MEDIUM
Apache Johnzon <= 1.2.20 - Denial of Service via BigDecimal Deserialization
Jul 07, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-34150
MEDIUM
Apache Any23 < 2.7 - Denial of Service via TikaEncodingDetector
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-35797
CRITICAL
Apache Airflow Hive Provider < 6.1.1 - Remote Code Execution via Principal Parameter
Jul 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-22886
HIGH
Apache Airflow JDBC Provider < 4.0.0 - Remote Code Execution via JDBC Connection URL Parameter
Jun 29, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-35798
MEDIUM
Apache Airflow ODBC Provider < 4.0.0 and MSSQL Provider < 3.4.1 - Improper Input Validation in get_sqlalchemy_connection
Jun 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-34395
HIGH
Apache Airflow ODBC Provider < 4.0.0 - Command Injection via ODBC Driver Parameters
Jun 27, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-31469
HIGH
Apache StreamPipes <0.92.0 - Privilege Escalation
Jun 23, 2023
CVSS 8.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters