apache
3,092 tracked vulnerabilities.
CVE-2022-26885
HIGH
Apache DolphinScheduler < 2.0.6 - Information Disclosure
Nov 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45462
CRITICAL
Apache DolphinScheduler < 2.0.6 - Authenticated Command Injection in Alarm Instance Management
Nov 23, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-41131
HIGH
Apache Airflow <4.1.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 7.8
EPSS 0.02
CVE-2022-40954
MEDIUM
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-40189
CRITICAL
Apache Airflow < 2.3.0 - OS Command Injection via Pig Provider
Nov 22, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-38649
CRITICAL
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-45470
HIGH
Apache Hama < 1.7.1 - Path Traversal and Cross-Site Scripting
Nov 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45047
CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-40309
MEDIUM
Apache Archiva <= 2.2.9 - Arbitrary Directory Deletion
Nov 15, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-40308
HIGH
Apache Archiva < 2.2.9 - Unauthenticated Database File Exposure
Nov 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45402
MEDIUM
Apache Airflow < 2.4.3 - Open Redirect via Login Endpoint
Nov 15, 2022
CVSS 6.1
EPSS 0.82
CVE-2022-45136
CRITICAL
Apache Jena SDB < 3.17.0 - Remote Code Execution via JDBC Deserialization
Nov 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-45378
CRITICAL
Apache SOAP < 2.3 - Unauthenticated Remote Code Execution via RPCRouterServlet
Nov 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-40127
HIGH
NUCLEI
Apache Airflow < 2.4.0 - Authenticated Remote Code Execution via Run ID Parameter
Nov 14, 2022
CVSS 8.8
EPSS 0.86
CVE-2022-27949
HIGH
Apache Airflow < 2.3.1 - Unauthenticated Exposure of Sensitive Information in Task Template Rendering
Nov 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37866
HIGH
Apache Ivy 2.0.0-2.5.1 - Path Traversal via Artifact Coordinate Placeholders
Nov 07, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-42920
CRITICAL
Apache Commons BCEL < 6.6.0 - Arbitrary Bytecode Generation via Out-of-bounds Write
Nov 07, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-37865
CRITICAL
Apache Ivy 2.4.0-2.5.0 - Path Traversal and Arbitrary File Write via Archive Extraction
Nov 07, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-33684
HIGH
Apache Pulsar C++ Client - Man-in-the-Middle
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32287
HIGH
Apache UIMA < 3.3.0 - Path Traversal via ZIP Entry in PEAR File
Nov 03, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-43670
MEDIUM
Sling App CMS < 1.1.0 - Authenticated Reflected Cross-Site Scripting in Taxonomy Management
Nov 02, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-43985
MEDIUM
Apache Airflow <2.4.2 - Open Redirect
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-43982
MEDIUM
Apache Airflow < 2.4.2 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34662
MEDIUM
Apache DolphinScheduler < 3.0.0 - Authenticated Path Traversal via Resource Center
Nov 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-31777
MEDIUM
Apache Spark < 3.2.2 - Stored Cross-Site Scripting via Log Rendering
Nov 01, 2022
CVSS 5.4
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters