apache
3,092 tracked vulnerabilities.
CVE-2023-28710
HIGH
Apache Airflow Spark Provider <4.0.1 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28707
HIGH
Apache Airflow Drill Provider <2.3.2 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28706
CRITICAL
Apache Airflow Hive Provider <6.0.0 - Code Injection
Apr 07, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-26269
HIGH
Apache James <3.7.3 - Privilege Escalation
Apr 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-28935
HIGH
Apache UIMA DUCC - Command Injection
Mar 30, 2023
CVSS 8.8
EPSS 0.03
CVE-2023-28158
MEDIUM
Apache Archiva 2.0-2.2.9 - Authenticated Stored Cross-Site Scripting via Directory Name Injection
Mar 29, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-28326
CRITICAL
Apache OpenMeetings 2.0.0-7.0.0 - Unauthenticated Privilege Escalation
Mar 28, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-25197
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-25196
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-25195
HIGH
Apache Fineract 1.4.0-1.8.3 - Authenticated Server-Side Request Forgery
Mar 28, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-27296
HIGH
Apache InLong <1.5.0 - Deserialization
Mar 27, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28708
MEDIUM
Apache Tomcat <11.0.0-M2 - Info Disclosure
Mar 22, 2023
CVSS 4.3
EPSS 0.02
CVE-2023-26513
HIGH
Apache Sling Resource Merger <1.4.2 - Info Disclosure
Mar 20, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25695
MEDIUM
Apache Airflow < 2.5.2 - Sensitive Information Exposure via Error Message
Mar 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-26464
HIGH
Apache Log4j < 2.0 - Denial of Service via Chainsaw or SocketAppender Deserialization
Mar 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-23638
MEDIUM
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
Mar 08, 2023
CVSS 5.0
EPSS 0.05
CVE-2023-27522
HIGH
Apache HTTP Server 2.4.30-2.4.55 - HTTP Response Smuggling via mod_proxy_uwsgi Origin Response Header
Mar 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25690
CRITICAL
Apache HTTP Server 2.4.0-2.4.55 - HTTP Request Smuggling via mod_proxy RewriteRule
Mar 07, 2023
CVSS 9.8
EPSS 0.84
CVE-2023-25956
HIGH
Apache Airflow AWS Provider < 7.2.1 - Sensitive Information Exposure via Error Message
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25696
CRITICAL
Apache Airflow Hive Provider < 5.1.3 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25693
CRITICAL
Apache Airflow Sqoop Provider < 3.1.1 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25692
HIGH
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25691
CRITICAL
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25621
MEDIUM
Apache Sling i18n < 2.6.2 - Privilege Escalation via i18n Dictionary Manipulation
Feb 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-25613
CRITICAL
Apache Kerby LDAP Backend < 2.0.3 - LDAP Injection
Feb 20, 2023
CVSS 9.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters