apache

3,092 tracked vulnerabilities.

CVE-2021-37404 CRITICAL
Apache Hadoop 2.9.0-2.10.1 and 3.3.0 - Heap Buffer Overflow via Unvalidated File Path
Jun 13, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-28544 MEDIUM
Apache Subversion 1.10.0-1.14.0 - Unauthorized Exposure of Protected Copyfrom Paths
Apr 12, 2022
CVSS 4.3
EPSS 0.03
CVE-2021-31805 CRITICAL NUCLEI
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
Apr 12, 2022
CVSS 9.8
EPSS 0.85
CVE-2021-44759 HIGH
Apache Traffic Server 8.0.0-8.1.0 - Improper Authentication in TLS Origin Validation
Mar 23, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-44040 HIGH
Apache Traffic Server 8.0.0-8.1.3 and 9.0.0-9.1.1 - Improper Input Validation in Request Line Parsing
Mar 23, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-38296 HIGH
Apache Spark <3.1.2 - Info Disclosure
Mar 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45229 MEDIUM
Apache Airflow < 2.2.3 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Feb 25, 2022
CVSS 6.1
EPSS 0.03
CVE-2021-44521 CRITICAL NUCLEI
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
Feb 11, 2022
CVSS 9.1
EPSS 0.55
CVE-2021-36152 CRITICAL
Apache Gobblin <0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-36151 MEDIUM
Apache Gobblin <=0.15.0 - Info Disclosure
Feb 04, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-44451 MEDIUM NUCLEI
Apache Superset <= 1.3.2 - Authenticated Database Connection Password Exposure
Feb 01, 2022
CVSS 6.5
EPSS 0.08
CVE-2021-41571 MEDIUM
Apache Pulsar < 2.6.4 - Incorrect Authorization in Admin API get-message-by-id
Feb 01, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-41766 HIGH
Apache Karaf < 4.3.6 - Deserialization of Untrusted Data via JMX
Jan 26, 2022
CVSS 8.1
EPSS 0.02
CVE-2021-45029 CRITICAL
Apache ShenYu 2.4.0-2.4.1 - Remote Code Execution via Groovy and SpEL Injection
Jan 25, 2022
CVSS 9.8
EPSS 0.06
CVE-2021-45230 MEDIUM
Apache Airflow <2.2.0 - Privilege Escalation
Jan 20, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-42357 MEDIUM
Apache Knox < 1.6.1 - Open Redirect via Crafted Request Parameter
Jan 17, 2022
CVSS 6.1
EPSS 0.03
CVE-2021-43999 HIGH
Apache Guacamole <1.3.0 - Privilege Escalation
Jan 11, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-41767 MEDIUM
Apache Guacamole < 1.3.0 - Authenticated Exposure of Sensitive Information via REST Response
Jan 11, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-43297 CRITICAL
Apache Dubbo <2.6.12, <2.7.15, <3.0 - Code Injection
Jan 10, 2022
CVSS 9.8
EPSS 0.15
CVE-2021-43045 HIGH
Apache Avro < 1.11.0 - Denial of Service via Resource Allocation
Jan 06, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-45458 HIGH
Apache Kylin <2.6.6, <3.1.2 - Info Disclosure
Jan 06, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45457 HIGH
Apache Kylin 2.0.0-2.6.6, 3.0.0-3.1.2, 4.0.0 - Incorrect Authorization via Cross-Origin Request Handling
Jan 06, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-45456 CRITICAL
Apache Kylin 4.0.0 - Command Injection via Project Name Parameter
Jan 06, 2022
CVSS 9.8
EPSS 0.89
CVE-2021-36774 MEDIUM
Apache Kylin 2.0.0-2.6.6 and 3.0.0-3.1.2 - Remote Code Execution via MySQL JDBC Driver Properties
Jan 06, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-31522 CRITICAL
Apache Kylin <2.6.6, <3.1.2, <4.0.0 - RCE
Jan 06, 2022
CVSS 9.8
EPSS 0.03