| CVE-2023-42501 | Apache Superset: Unnecessary read permissions within the Gamma role | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-11-27 10:23:48 | Deep Dive |
| CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database | Apache Software Foundation | Apache Superset | Medium | 6.3 | 2023-11-27 10:22:41 | Deep Dive |
| CVE-2023-49068 | Apache DolphinScheduler: Information Leakage Vulnerability | Apache Software Foundation | Apache DolphinScheduler | High | - | 2023-11-27 09:49:42 | Deep Dive |
| CVE-2023-48796 | Apache dolphinscheduler sensitive information disclosure | Apache Software Foundation | Apache DolphinScheduler | High | - | 2023-11-24 07:56:44 | Deep Dive |
| CVE-2023-43123 | Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | Apache Software Foundation | Apache Storm | Medium | - | 2023-11-23 09:16:35 | Deep Dive |
| CVE-2023-37924 | Apache Submarine: SQL injection from unauthorized login | Apache Software Foundation | Apache Submarine | - | - | 2023-11-22 09:19:23 | Deep Dive |
| CVE-2022-46337 | Apache Derby: LDAP injection vulnerability in authenticator | Apache Software Foundation | Apache Derby | - | - | 2023-11-20 08:49:39 | Deep Dive |
| CVE-2023-46302 | Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization | Apache Software Foundation | Apache Submarine | - | - | 2023-11-20 08:46:56 | Deep Dive |
| CVE-2023-26031 | Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems | Apache Software Foundation | Apache Hadoop | High | - | 2023-11-16 08:15:51 | Deep Dive |
| CVE-2023-42781 | Apache Airflow: Permission verification bypass allows viewing dagruns of other dags | Apache Software Foundation | Apache Airflow | Medium | - | 2023-11-12 13:14:10 | Deep Dive |
| CVE-2023-47037 | Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) | Apache Software Foundation | Apache Airflow | Medium | - | 2023-11-12 13:12:23 | Deep Dive |
| CVE-2023-47248 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | Apache Software Foundation | PyArrow | Critical | - | 2023-11-09 08:17:08 | Deep Dive |
| CVE-2023-39913 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats | Apache Software Foundation | Apache UIMA Java SDK Core | High | - | 2023-11-08 08:04:24 | Deep Dive |
| CVE-2023-46819 | Apache OFBiz: Execution of Solr plugin queries without authentication | Apache Software Foundation | Apache OFBiz | Medium | - | 2023-11-07 11:02:03 | Deep Dive |
| CVE-2023-46851 | Apache Allura: sensitive information exposure via import | Apache Software Foundation | Apache Allura | Medium | - | 2023-11-07 08:56:35 | Deep Dive |
| CVE-2023-46215 | Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend | Apache Software Foundation | Apache Airflow Celery provider | High | - | 2023-10-28 07:10:58 | Deep Dive |
| CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | Apache Software Foundation | Apache ActiveMQ | Critical | 10.0 | 2023-10-27 14:59:31 | Deep Dive |
| CVE-2023-46288 | Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set | Apache Software Foundation | Apache Airflow | Medium | - | 2023-10-23 18:13:04 | Deep Dive |
| CVE-2023-31122 | Apache HTTP Server: mod_macro buffer over-read | Apache Software Foundation | Apache HTTP Server | High | - | 2023-10-23 06:52:00 | Deep Dive |
| CVE-2023-43622 | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 | Apache Software Foundation | Apache HTTP Server | High | - | 2023-10-23 06:50:52 | Deep Dive |