apache

3,092 tracked vulnerabilities.

CVE-2023-24998 HIGH
Apache Commons FileUpload < 1.5 - Denial of Service via Unlimited Request Parts
Feb 20, 2023
CVSS 7.5
EPSS 0.47
CVE-2023-25141 HIGH
Apache Sling JCR Base < 3.1.12 - Remote Code Execution via JDNI and RMI in RepositoryAccessor
Feb 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-22832 HIGH
Apache NiFi 1.2.0-1.19.1 - XML External Entity Injection in ExtractCCDAAttributes Processor
Feb 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25194 HIGH NUCLEI
Apache Kafka Connect 2.3.0-3.3.1 - Authenticated Remote Code Execution via SASL JAAS Config Deserialization
Feb 07, 2023
CVSS 8.8
EPSS 0.95
CVE-2023-22849 MEDIUM
Apache Sling CMS < 1.1.6 - Authenticated Reflected Cross-Site Scripting
Feb 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-24997 CRITICAL
Apache InLong 1.1.0-1.5.0 - Deserialization of Untrusted Data
Feb 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-24977 HIGH
Apache InLong 1.1.0-1.5.0 - Out-of-bounds Read
Feb 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-24829 HIGH
Apache IoTDB 0.13.0-0.13.2 - Incorrect Authorization in iotdb-web-workbench
Jan 31, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-24830 HIGH
Apache IoTDB 0.13.0-0.13.3 - Improper Authentication in iotdb-web-workbench
Jan 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-22884 CRITICAL
Apache Airflow < 2.5.1 and Apache Airflow MySQL Provider < 4.0.0 - Command Injection
Jan 21, 2023
CVSS 9.8
EPSS 0.11
CVE-2023-22602 HIGH
Apache Shiro < 1.11.0 - Authentication Bypass via Spring Boot Pattern Matching Conflict
Jan 14, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-31764 HIGH
Apache ShardingSphere ElasticJob-UI <3.0.2 - RCE
Feb 06, 2025
CVSS 8.5
EPSS 0.01
CVE-2022-41137 HIGH
Apache Hive - Remote Code Execution
Dec 05, 2024
CVSS 8.3
EPSS 0.02
CVE-2022-47894 MEDIUM
Apache Zeppelin SAP 0.8.0-0.10.1 - Improper Input Validation
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2022-34321 HIGH
Apache Pulsar 2.6.0-2.10.5, 2.11.0-2.11.2, 3.0.0-3.0.1, 3.1.0 - Info Exposure & DoS via /proxy-stats
Mar 12, 2024
CVSS 8.2
EPSS 0.02
CVE-2022-39337 HIGH
Hertzbeat < 1.2.1 - Unauthenticated Permission Bypass
Dec 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-45135 CRITICAL
Apache Cocoon 2.2.0-2.2.9 - SQL Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-41678 HIGH NUCLEI
Apache ActiveMQ Jolokia - Authenticated MBean Code Execution
Nov 28, 2023
CVSS 8.8
EPSS 0.86
CVE-2022-46337 CRITICAL
Apache Derby 10.1.1.0-10.14.3.0 - LDAP Authentication Bypass via Username Injection
Nov 20, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-44730 MEDIUM
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 4.4
EPSS 0.01
CVE-2022-44729 HIGH
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 7.1
EPSS 0.01
CVE-2022-46751 HIGH
Apache Ivy < 2.5.2 - XML External Entity Injection via DTD Processing
Aug 21, 2023
CVSS 8.2
EPSS 0.02
CVE-2022-47185 HIGH
Apache Traffic Server <9.2.1 - Info Disclosure
Aug 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-46651 MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-45855 HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.01