apache
3,092 tracked vulnerabilities.
CVE-2023-28709
HIGH
Apache Tomcat <11.0.0-M4, 10.1.7, 9.0.73, 8.5.87 - DoS
May 22, 2023
CVSS 7.5
EPSS 0.52
CVE-2023-29246
HIGH
Apache OpenMeetings <7.1.0 - Privilege Escalation
May 12, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-29032
HIGH
Apache OpenMeetings <7.1.0 - Info Disclosure
May 12, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-28936
MEDIUM
Apache OpenMeetings <7.1.0 - Info Disclosure
May 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-25754
CRITICAL
Apache Airflow <2.6.0 - Privilege Escalation
May 08, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-29247
MEDIUM
Apache Airflow < 2.6.0 - Stored Cross-Site Scripting in Task Instance Details Page
May 08, 2023
CVSS 5.4
EPSS 0.02
CVE-2023-31039
CRITICAL
Apache bRPC < 1.5.0 - Remote Code Execution via ServerOptions pid_file Parameter
May 08, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-31038
HIGH
Apache Log4cxx 0.9.0-1.0.0 - SQL Injection via ODBC Appender
May 08, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-26268
MEDIUM
Apache CouchDB < 3.2.3 - Exposure of Sensitive Information via Shared Javascript Environment in Design Documents
May 02, 2023
CVSS 4.4
EPSS 0.01
CVE-2023-32007
HIGH
Apache Spark UI - Privilege Escalation
May 02, 2023
CVSS 8.8
EPSS 0.76
CVE-2023-22665
MEDIUM
Apache Jena < 4.8.0 - Remote Code Execution via SPARQL Query
Apr 25, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-30776
MEDIUM
Apache Superset 1.3.0-2.0.1 - Authenticated Database Password Exposure via REST API
Apr 24, 2023
CVSS 4.9
EPSS 0.02
CVE-2023-27524
HIGH
KEVNUCLEI
Apache Superset Signed Cookie Priv Esc
Apr 24, 2023
CVSS 8.9
EPSS 0.97
CVE-2023-25601
MEDIUM
Apache DolphinScheduler 3.0.0-3.1.1 - Unauthenticated Improper Authentication via Python Gateway
Apr 20, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-27525
LOW
Apache Superset <= 2.0.1 - Authenticated Metadata Exposure via Non-Trivial Methods
Apr 17, 2023
CVSS 3.1
EPSS 0.01
CVE-2023-25504
MEDIUM
Apache Superset <= 2.0.1 - Authenticated Server-Side Request Forgery via Import Dataset Feature
Apr 17, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-30771
CRITICAL
Apache IoTDB Web Workbench 0.13.3 - Incorrect Authorization
Apr 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-22946
MEDIUM
Apache Spark < 3.4.0 - Privilege Escalation via Malicious Classpath Configuration
Apr 17, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-24831
CRITICAL
Apache IoTDB Grafana Connector 0.13.0-0.13.3 - Unauthenticated Authentication Bypass
Apr 17, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-30465
MEDIUM
Apache InLong 1.4.0-1.5.0 - SQL Injection via orderType Parameter
Apr 11, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-29216
CRITICAL
Apache Linkis <=1.3.1 - Deserialization
Apr 10, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-29215
CRITICAL
Apache Linkis <=1.3.1 - Code Injection
Apr 10, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-27987
CRITICAL
Apache Linkis <=1.3.1 - Inadequate Encryption Strength in Default Token Generation
Apr 10, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-27603
CRITICAL
Apache Linkis <=1.3.1 - Path Traversal via Zip Slip in EngineConn Material Upload
Apr 10, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-27602
CRITICAL
Apache Linkis <=1.3.1 - Unrestricted File Upload in PublicService Module
Apr 10, 2023
CVSS 9.8
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters