apache

3,092 tracked vulnerabilities.

CVE-2023-28710 HIGH
Apache Airflow Spark Provider <4.0.1 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28707 HIGH
Apache Airflow Drill Provider <2.3.2 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28706 CRITICAL
Apache Airflow Hive Provider <6.0.0 - Code Injection
Apr 07, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-26269 HIGH
Apache James <3.7.3 - Privilege Escalation
Apr 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-28935 HIGH
Apache UIMA DUCC - Command Injection
Mar 30, 2023
CVSS 8.8
EPSS 0.03
CVE-2023-28158 MEDIUM
Apache Archiva 2.0-2.2.9 - Authenticated Stored Cross-Site Scripting via Directory Name Injection
Mar 29, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-28326 CRITICAL
Apache OpenMeetings 2.0.0-7.0.0 - Unauthenticated Privilege Escalation
Mar 28, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-25197 MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-25196 MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-25195 HIGH
Apache Fineract 1.4.0-1.8.3 - Authenticated Server-Side Request Forgery
Mar 28, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-27296 HIGH
Apache InLong <1.5.0 - Deserialization
Mar 27, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28708 MEDIUM
Apache Tomcat <11.0.0-M2 - Info Disclosure
Mar 22, 2023
CVSS 4.3
EPSS 0.02
CVE-2023-26513 HIGH
Apache Sling Resource Merger <1.4.2 - Info Disclosure
Mar 20, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25695 MEDIUM
Apache Airflow < 2.5.2 - Sensitive Information Exposure via Error Message
Mar 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-26464 HIGH
Apache Log4j < 2.0 - Denial of Service via Chainsaw or SocketAppender Deserialization
Mar 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-23638 MEDIUM
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
Mar 08, 2023
CVSS 5.0
EPSS 0.05
CVE-2023-27522 HIGH
Apache HTTP Server 2.4.30-2.4.55 - HTTP Response Smuggling via mod_proxy_uwsgi Origin Response Header
Mar 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25690 CRITICAL
Apache HTTP Server 2.4.0-2.4.55 - HTTP Request Smuggling via mod_proxy RewriteRule
Mar 07, 2023
CVSS 9.8
EPSS 0.84
CVE-2023-25956 HIGH
Apache Airflow AWS Provider < 7.2.1 - Sensitive Information Exposure via Error Message
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25696 CRITICAL
Apache Airflow Hive Provider < 5.1.3 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25693 CRITICAL
Apache Airflow Sqoop Provider < 3.1.1 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25692 HIGH
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-25691 CRITICAL
Apache Airflow Google Provider < 8.10.0 - Improper Input Validation
Feb 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25621 MEDIUM
Apache Sling i18n < 2.6.2 - Privilege Escalation via i18n Dictionary Manipulation
Feb 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-25613 CRITICAL
Apache Kerby LDAP Backend < 2.0.3 - LDAP Injection
Feb 20, 2023
CVSS 9.8
EPSS 0.01