apache
3,092 tracked vulnerabilities.
CVE-2021-37404
CRITICAL
Apache Hadoop 2.9.0-2.10.1 and 3.3.0 - Heap Buffer Overflow via Unvalidated File Path
Jun 13, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-28544
MEDIUM
Apache Subversion 1.10.0-1.14.0 - Unauthorized Exposure of Protected Copyfrom Paths
Apr 12, 2022
CVSS 4.3
EPSS 0.03
CVE-2021-31805
CRITICAL
NUCLEI
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
Apr 12, 2022
CVSS 9.8
EPSS 0.85
CVE-2021-44759
HIGH
Apache Traffic Server 8.0.0-8.1.0 - Improper Authentication in TLS Origin Validation
Mar 23, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-44040
HIGH
Apache Traffic Server 8.0.0-8.1.3 and 9.0.0-9.1.1 - Improper Input Validation in Request Line Parsing
Mar 23, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-38296
HIGH
Apache Spark <3.1.2 - Info Disclosure
Mar 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45229
MEDIUM
Apache Airflow < 2.2.3 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Feb 25, 2022
CVSS 6.1
EPSS 0.03
CVE-2021-44521
CRITICAL
NUCLEI
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
Feb 11, 2022
CVSS 9.1
EPSS 0.55
CVE-2021-36152
CRITICAL
Apache Gobblin <0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-36151
MEDIUM
Apache Gobblin <=0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-44451
MEDIUM
NUCLEI
Apache Superset <= 1.3.2 - Authenticated Database Connection Password Exposure
Feb 01, 2022
CVSS 6.5
EPSS 0.08
CVE-2021-41571
MEDIUM
Apache Pulsar < 2.6.4 - Incorrect Authorization in Admin API get-message-by-id
Feb 01, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-41766
HIGH
Apache Karaf < 4.3.6 - Deserialization of Untrusted Data via JMX
Jan 26, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-45029
CRITICAL
Apache ShenYu 2.4.0-2.4.1 - Remote Code Execution via Groovy and SpEL Injection
Jan 25, 2022
CVSS 9.8
EPSS 0.06
CVE-2021-45230
MEDIUM
Apache Airflow <2.2.0 - Privilege Escalation
Jan 20, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-42357
MEDIUM
Apache Knox < 1.6.1 - Open Redirect via Crafted Request Parameter
Jan 17, 2022
CVSS 6.1
EPSS 0.03
CVE-2021-43999
HIGH
Apache Guacamole <1.3.0 - Privilege Escalation
Jan 11, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-41767
MEDIUM
Apache Guacamole < 1.3.0 - Authenticated Exposure of Sensitive Information via REST Response
Jan 11, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-43297
CRITICAL
Apache Dubbo <2.6.12, <2.7.15, <3.0 - Code Injection
Jan 10, 2022
CVSS 9.8
EPSS 0.15
CVE-2021-43045
HIGH
Apache Avro < 1.11.0 - Denial of Service via Resource Allocation
Jan 06, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-45458
HIGH
Apache Kylin <2.6.6, <3.1.2 - Info Disclosure
Jan 06, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45457
HIGH
Apache Kylin 2.0.0-2.6.6, 3.0.0-3.1.2, 4.0.0 - Incorrect Authorization via Cross-Origin Request Handling
Jan 06, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45456
CRITICAL
Apache Kylin 4.0.0 - Command Injection via Project Name Parameter
Jan 06, 2022
CVSS 9.8
EPSS 0.89
CVE-2021-36774
MEDIUM
Apache Kylin 2.0.0-2.6.6 and 3.0.0-3.1.2 - Remote Code Execution via MySQL JDBC Driver Properties
Jan 06, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-31522
CRITICAL
Apache Kylin <2.6.6, <3.1.2, <4.0.0 - RCE
Jan 06, 2022
CVSS 9.8
EPSS 0.03
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters