apache
3,092 tracked vulnerabilities.
CVE-2023-24998
HIGH
Apache Commons FileUpload < 1.5 - Denial of Service via Unlimited Request Parts
Feb 20, 2023
CVSS 7.5
EPSS 0.47
CVE-2023-25141
HIGH
Apache Sling JCR Base < 3.1.12 - Remote Code Execution via JDNI and RMI in RepositoryAccessor
Feb 14, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-22832
HIGH
Apache NiFi 1.2.0-1.19.1 - XML External Entity Injection in ExtractCCDAAttributes Processor
Feb 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25194
HIGH
NUCLEI
Apache Kafka Connect 2.3.0-3.3.1 - Authenticated Remote Code Execution via SASL JAAS Config Deserialization
Feb 07, 2023
CVSS 8.8
EPSS 0.95
CVE-2023-22849
MEDIUM
Apache Sling CMS < 1.1.6 - Authenticated Reflected Cross-Site Scripting
Feb 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-24997
CRITICAL
Apache InLong 1.1.0-1.5.0 - Deserialization of Untrusted Data
Feb 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-24977
HIGH
Apache InLong 1.1.0-1.5.0 - Out-of-bounds Read
Feb 01, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-24829
HIGH
Apache IoTDB 0.13.0-0.13.2 - Incorrect Authorization in iotdb-web-workbench
Jan 31, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-24830
HIGH
Apache IoTDB 0.13.0-0.13.3 - Improper Authentication in iotdb-web-workbench
Jan 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-22884
CRITICAL
Apache Airflow < 2.5.1 and Apache Airflow MySQL Provider < 4.0.0 - Command Injection
Jan 21, 2023
CVSS 9.8
EPSS 0.11
CVE-2023-22602
HIGH
Apache Shiro < 1.11.0 - Authentication Bypass via Spring Boot Pattern Matching Conflict
Jan 14, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-31764
HIGH
Apache ShardingSphere ElasticJob-UI <3.0.2 - RCE
Feb 06, 2025
CVSS 8.5
EPSS 0.01
CVE-2022-41137
HIGH
Apache Hive - Remote Code Execution
Dec 05, 2024
CVSS 8.3
EPSS 0.02
CVE-2022-47894
MEDIUM
Apache Zeppelin SAP 0.8.0-0.10.1 - Improper Input Validation
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2022-34321
HIGH
Apache Pulsar 2.6.0-2.10.5, 2.11.0-2.11.2, 3.0.0-3.0.1, 3.1.0 - Info Exposure & DoS via /proxy-stats
Mar 12, 2024
CVSS 8.2
EPSS 0.02
CVE-2022-39337
HIGH
Hertzbeat < 1.2.1 - Unauthenticated Permission Bypass
Dec 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-45135
CRITICAL
Apache Cocoon 2.2.0-2.2.9 - SQL Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-41678
HIGH
NUCLEI
Apache ActiveMQ Jolokia - Authenticated MBean Code Execution
Nov 28, 2023
CVSS 8.8
EPSS 0.86
CVE-2022-46337
CRITICAL
Apache Derby 10.1.1.0-10.14.3.0 - LDAP Authentication Bypass via Username Injection
Nov 20, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-44730
MEDIUM
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 4.4
EPSS 0.01
CVE-2022-44729
HIGH
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 7.1
EPSS 0.01
CVE-2022-46751
HIGH
Apache Ivy < 2.5.2 - XML External Entity Injection via DTD Processing
Aug 21, 2023
CVSS 8.2
EPSS 0.02
CVE-2022-47185
HIGH
Apache Traffic Server <9.2.1 - Info Disclosure
Aug 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-46651
MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-45855
HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters