apache
3,092 tracked vulnerabilities.
CVE-2022-23913
HIGH
Apache ActiveMQ Artemis <2.20.0-2.19.1 - DoS
Feb 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-23181
HIGH
Apache Tomcat 8.5.55-8.5.73, 9.0.35-9.0.56, 10.0.0-M5-10.0.14, 10.1.0-M1-10.1.0-M8 - TOCTOU Race Condition in FileStore
Jan 27, 2022
CVSS 7.0
EPSS 0.01
CVE-2022-22932
MEDIUM
Apache Karaf < 4.2.15 and 4.3.0-4.3.6 - Path Traversal via obr Commands and karaf-maven-plugin
Jan 26, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-23945
HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration
Jan 25, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-23944
CRITICAL
NUCLEI
Apache ShenYu <2.4.1 - Info Disclosure
Jan 25, 2022
CVSS 9.1
EPSS 0.79
CVE-2022-23223
HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Password Disclosure
Jan 25, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-23437
MEDIUM
Apache Xerces-J < 2.12.1 - Denial of Service via Infinite Loop in XML Parser
Jan 24, 2022
CVSS 6.5
EPSS 0.04
CVE-2022-22733
MEDIUM
NUCLEI
Apache ShardingSphere ElasticJob-UI <= 3.0.0 - Authenticated Privilege Escalation via Guest Account
Jan 20, 2022
CVSS 6.5
EPSS 0.38
CVE-2022-23307
HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.52
CVE-2022-23305
CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.67
CVE-2022-23302
HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.62
CVE-2021-28656
MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Request Forgery in Credential Page
Apr 09, 2024
CVSS 5.4
EPSS 0.00
CVE-2021-40331
HIGH
Apache Ranger Hive Plugin <2.4.0 - Privilege Escalation
May 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2021-32824
CRITICAL
Apache Dubbo < 2.6.10 - Unauthenticated Remote Code Execution via Telnet Handler Bean Manipulation
Jan 03, 2023
CVSS 9.8
EPSS 0.03
CVE-2021-28655
MEDIUM
Apache Zeppelin < 0.9.0 - Arbitrary File Deletion via Move Folder to Trash Feature
Dec 16, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-37533
MEDIUM
Apache Commons Net < 3.9.0 - Information Disclosure via FTP PASV Host Redirection
Dec 03, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-42010
CRITICAL
Apache Heron <= 0.20.4-incubating - CRLF Log Injection
Oct 24, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-43980
LOW
Apache Tomcat < 8.5.77 - Race Condition
Sep 28, 2022
CVSS 3.7
EPSS 0.02
CVE-2021-25642
HIGH
Apache Hadoop 2.9.0-2.10.1 - Remote Code Execution via ZKConfigurationStore Deserialization
Aug 25, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-4040
MEDIUM
AMQ Broker < 7.10.0 - Uncontrolled Resource Consumption via Maliciously Crafted Messages
Aug 24, 2022
CVSS 5.3
EPSS 0.02
CVE-2021-37150
HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-34538
HIGH
Apache Hive < 3.1.3 - Unauthenticated UDF Manipulation via CREATE and DROP Operations
Jul 16, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-44791
MEDIUM
Apache Druid < 0.22.1 and 0.23.0 - Reflected Cross-Site Scripting via Unescaped URL Parameters
Jul 07, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-37839
MEDIUM
Apache Superset <1.5.1 - Info Disclosure
Jul 06, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-33036
HIGH
Apache Hadoop <2.10.2, <3.2.3, <3.3.2 - Privilege Escalation
Jun 15, 2022
CVSS 8.8
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters