apache
3,092 tracked vulnerabilities.
CVE-2022-40705
HIGH
Apache SOAP >= 2.2 - XML External Entity Injection in RPCRouterServlet
Sep 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-40754
MEDIUM
Apache Airflow 2.3.0-2.3.4 - Open Redirect via Confirm Endpoint
Sep 21, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-40604
HIGH
Apache Airflow 2.3.0-2.3.4 - Information Exposure via URL Format String
Sep 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-40955
HIGH
Apache InLong <1.3.0 - Deserialization
Sep 20, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-34917
HIGH
Apache Kafka 2.8.0-2.8.1 - Unauthenticated Denial of Service via Memory Allocation
Sep 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-39135
CRITICAL
Apache Calcite 1.22.0-1.31.0 - XML External Entity Injection via SQL Operators
Sep 11, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-28220
HIGH
Apache James < 3.6.3 and 3.7.1 - Command Injection via STARTTLS Buffering Attack
Sep 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-38370
HIGH
Apache IoTDB grafana-connector <0.13.1 - Info Disclosure
Sep 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38369
HIGH
Apache IoTDB 0.13.0 - Session Fixation
Sep 05, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-38170
MEDIUM
Apache Airflow <2.3.4 - Info Disclosure
Sep 02, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-38054
CRITICAL
Apache Airflow <2.3.3 - Info Disclosure
Sep 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-29158
HIGH
Apache OFBiz < 18.12.06 - Unauthenticated Regular Expression Denial of Service
Sep 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-29063
CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Solr Plugin RMI Request
Sep 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-25813
HIGH
Apache OFBiz < 18.12.06 - Server-Side Template Injection via Ecommerce Contact Us Subject Field
Sep 02, 2022
CVSS 7.5
EPSS 0.67
CVE-2022-25371
CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Birt Plugin
Sep 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-25370
MEDIUM
Apache OFBiz < 18.12.06 - Unauthenticated Stored Cross-Site Scripting via Birt Plugin
Sep 02, 2022
CVSS 5.4
EPSS 0.02
CVE-2022-37435
HIGH
Apache ShenYu 2.4.2-2.4.3 - Authenticated Privilege Escalation via Password Modification
Sep 01, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-37023
MEDIUM
Apache Geode < 1.15.0 - Deserialization of Untrusted Data via REST API
Aug 31, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-37022
HIGH
Apache Geode < 1.12.2 and 1.13.2 - Deserialization of Untrusted Data via JMX over RMI
Aug 31, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-37021
CRITICAL
Apache Geode <= 1.12.5, 1.13.4, 1.14.0 - Deserialization of Untrusted Data via JMX over RMI
Aug 31, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-22728
HIGH
Apache libapreq2 <= 2.16 - Denial of Service via Multipart Form Upload Buffer Overflow
Aug 25, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-35278
MEDIUM
Apache ActiveMQ Artemis < 2.24.0 - Cross-Site Scripting via Address or Queue Name
Aug 23, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34916
CRITICAL
Apache Flume 1.4.0-1.10.0 - Remote Code Execution via JMS Source JNDI LDAP URI
Aug 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-38362
HIGH
Apache Airflow Docker <3.0.0 - Authenticated RCE
Aug 16, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-37401
HIGH
Apache OpenOffice <4.1.13 - Info Disclosure
Aug 15, 2022
CVSS 8.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters