apache
3,092 tracked vulnerabilities.
CVE-2021-38555
CRITICAL
Apache Any23 < 2.5 - XML External Entity Injection in StreamUtils.java
Sep 11, 2021
CVSS 9.1
EPSS 0.03
CVE-2021-38540
CRITICAL
NUCLEI
Airflow >=2.0.0-<2.1.3 - RCE/Info Disclosure
Sep 09, 2021
CVSS 9.8
EPSS 0.81
CVE-2021-37579
CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Security Check Bypass
Sep 09, 2021
CVSS 9.8
EPSS 0.07
CVE-2021-36161
CRITICAL
Apache Dubbo < 2.7.13 - Remote Code Execution via Format String Injection in toString Call
Sep 09, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-36163
CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Hessian Protocol
Sep 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36162
HIGH
Apache Dubbo 2.7.0-2.7.12 and 0-2.7.12 - Remote Code Execution via SnakeYAML Constructor Deserialization
Sep 07, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-27578
MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Scripting in Markdown Interpreter
Sep 02, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-25958
MEDIUM
Apache OFBiz 17.12.01-17.12.07 - Information Disclosure via Exception Handling
Aug 30, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-33191
CRITICAL
Apache NiFi MiNiFi C++ <0.10.0 - Privilege Escalation
Aug 24, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-35940
HIGH
Apache Portable Runtime <1.7.0 - Info Disclosure
Aug 23, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-37608
CRITICAL
Apache OFBiz < 17.12.08 - Unrestricted Upload of File with Dangerous Type
Aug 18, 2021
CVSS 9.8
EPSS 0.06
CVE-2021-33580
HIGH
Apache Roller < 6.0.2 - Denial of Service via Regex Catastrophic Backtracking
Aug 18, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-35936
MEDIUM
Apache Airflow < 2.1.2 - Info Disclosure
Aug 16, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-33193
HIGH
Apache HTTP Server <2.4.49 - SSRF
Aug 16, 2021
CVSS 7.5
EPSS 0.46
CVE-2021-21501
HIGH
ServiceComb 1.0.0-1.x.x - Path Traversal
Aug 10, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-37578
CRITICAL
Apache jUDDI < 3.3.10 - Remote Code Execution via RMI Deserialization
Jul 29, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-33900
HIGH
Apache Directory Studio < 2.0.0.v20210717-M17 - Cleartext Transmission of Sensitive Information via StartTLS and SASL
Jul 26, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-28131
HIGH
Apache Impala < 4.0.0 - Authenticated Session Hijacking via Logged Session Secrets
Jul 22, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-24117
MEDIUM
Apache Teaclave SGX SDK 1.1.3 - Side-Channel Information Disclosure via Base64 PEM Decoding
Jul 14, 2021
CVSS 4.9
EPSS 0.02
CVE-2021-36374
MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-36373
MEDIUM
Apache Ant <1.9.16, 1.10.11 - Memory Corruption
Jul 14, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-36090
HIGH
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.13
CVE-2021-35517
HIGH
Apache Commons Compress 1.1-1.19 - Denial of Service via Malicious TAR Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-35516
HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Malicious 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.12
CVE-2021-35515
HIGH
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
Jul 13, 2021
CVSS 7.5
EPSS 0.12
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters