apache

3,092 tracked vulnerabilities.

CVE-2022-26885 HIGH
Apache DolphinScheduler < 2.0.6 - Information Disclosure
Nov 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45462 CRITICAL
Apache DolphinScheduler < 2.0.6 - Authenticated Command Injection in Alarm Instance Management
Nov 23, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-41131 HIGH
Apache Airflow <4.1.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 7.8
EPSS 0.02
CVE-2022-40954 MEDIUM
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-40189 CRITICAL
Apache Airflow < 2.3.0 - OS Command Injection via Pig Provider
Nov 22, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-38649 CRITICAL
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-45470 HIGH
Apache Hama < 1.7.1 - Path Traversal and Cross-Site Scripting
Nov 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45047 CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-40309 MEDIUM
Apache Archiva <= 2.2.9 - Arbitrary Directory Deletion
Nov 15, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-40308 HIGH
Apache Archiva < 2.2.9 - Unauthenticated Database File Exposure
Nov 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45402 MEDIUM
Apache Airflow < 2.4.3 - Open Redirect via Login Endpoint
Nov 15, 2022
CVSS 6.1
EPSS 0.82
CVE-2022-45136 CRITICAL
Apache Jena SDB < 3.17.0 - Remote Code Execution via JDBC Deserialization
Nov 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-45378 CRITICAL
Apache SOAP < 2.3 - Unauthenticated Remote Code Execution via RPCRouterServlet
Nov 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-40127 HIGH NUCLEI
Apache Airflow < 2.4.0 - Authenticated Remote Code Execution via Run ID Parameter
Nov 14, 2022
CVSS 8.8
EPSS 0.86
CVE-2022-27949 HIGH
Apache Airflow < 2.3.1 - Unauthenticated Exposure of Sensitive Information in Task Template Rendering
Nov 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37866 HIGH
Apache Ivy 2.0.0-2.5.1 - Path Traversal via Artifact Coordinate Placeholders
Nov 07, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-42920 CRITICAL
Apache Commons BCEL < 6.6.0 - Arbitrary Bytecode Generation via Out-of-bounds Write
Nov 07, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-37865 CRITICAL
Apache Ivy 2.4.0-2.5.0 - Path Traversal and Arbitrary File Write via Archive Extraction
Nov 07, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-33684 HIGH
Apache Pulsar C++ Client - Man-in-the-Middle
Nov 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-32287 HIGH
Apache UIMA < 3.3.0 - Path Traversal via ZIP Entry in PEAR File
Nov 03, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-43670 MEDIUM
Sling App CMS < 1.1.0 - Authenticated Reflected Cross-Site Scripting in Taxonomy Management
Nov 02, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-43985 MEDIUM
Apache Airflow <2.4.2 - Open Redirect
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-43982 MEDIUM
Apache Airflow < 2.4.2 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34662 MEDIUM
Apache DolphinScheduler < 3.0.0 - Authenticated Path Traversal via Resource Center
Nov 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-31777 MEDIUM
Apache Spark < 3.2.2 - Stored Cross-Site Scripting via Log Rendering
Nov 01, 2022
CVSS 5.4
EPSS 0.01