apache

3,092 tracked vulnerabilities.

CVE-2023-34434 HIGH
Apache InLong 1.4.0-1.7.0 - Arbitrary File Read via Deserialization Bypass
Jul 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34189 MEDIUM
Apache InLong <1.7.0 - Privilege Escalation
Jul 25, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-34478 CRITICAL
Apache Shiro < 1.12.0 - Path Traversal and Authentication Bypass via Non-Normalized Request Routing
Jul 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-28754 HIGH
Apache ShardingSphere-Agent - Code Injection
Jul 19, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-26512 CRITICAL
Apache EventMesh <1.8.0 - Code Injection
Jul 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-37415 HIGH
Apache Airflow Apache Hive Provider < 6.1.2 - OS Command Injection via Proxy User Option
Jul 13, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-37582 CRITICAL NUCLEI
Apache RocketMQ - Remote Command Execution
Jul 12, 2023
CVSS 9.8
EPSS 0.90
CVE-2023-37579 HIGH
Apache Pulsar < 2.10.4 and 2.11.0 - Authenticated Credential Leak via Function Worker Source/Sink Configuration
Jul 12, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-36543 MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via Inefficient Regular Expression
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-35908 MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-31007 NONE
Apache Pulsar <= 2.9.4, 2.10.0-2.10.3, 2.11.0 - Improper Authentication via Expired Auth Data Bypass
Jul 12, 2023
EPSS 0.01
CVE-2023-30429 CRITICAL
Apache Pulsar < 2.10.4 and 2.11.0 - Incorrect Authorization via Pulsar Function Worker
Jul 12, 2023
CVSS 9.6
EPSS 0.01
CVE-2023-30428 HIGH
Apache Pulsar 2.9.0-2.9.5, 2.10.0-2.10.3, 2.11.0 - Incorrect Authorization via Rest Producer
Jul 12, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-22888 MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22887 MEDIUM
Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-32200 HIGH
Apache Jena 3.7.0-4.8.0 - Remote Code Execution via SPARQL Query
Jul 12, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-35887 MEDIUM
Apache MINA SSHD < 2.9.3 - Path Traversal via Parent Navigation
Jul 10, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-34442 LOW
Apache Camel 3.0.0-3.14.8 3.18.0-3.18.7 3.20.0-3.20.5 4.0.0-M3 - Exposure of Sensitive Information
Jul 10, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-33008 MEDIUM
Apache Johnzon <= 1.2.20 - Denial of Service via BigDecimal Deserialization
Jul 07, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-34150 MEDIUM
Apache Any23 < 2.7 - Denial of Service via TikaEncodingDetector
Jul 05, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-35797 CRITICAL
Apache Airflow Hive Provider < 6.1.1 - Remote Code Execution via Principal Parameter
Jul 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-22886 HIGH
Apache Airflow JDBC Provider < 4.0.0 - Remote Code Execution via JDBC Connection URL Parameter
Jun 29, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-35798 MEDIUM
Apache Airflow ODBC Provider < 4.0.0 and MSSQL Provider < 3.4.1 - Improper Input Validation in get_sqlalchemy_connection
Jun 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-34395 HIGH
Apache Airflow ODBC Provider < 4.0.0 - Command Injection via ODBC Driver Parameters
Jun 27, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-31469 HIGH
Apache StreamPipes <0.92.0 - Privilege Escalation
Jun 23, 2023
CVSS 8.8
EPSS 0.01