| CVE-2023-34434 | Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param | Apache Software Foundation | Apache InLong | 高危 | - | 2023-07-25 07:09:59 | Deep Dive |
| CVE-2023-34189 | Apache InLong: General user can delete and update process | Apache Software Foundation | Apache InLong | 中危 | - | 2023-07-25 07:08:54 | Deep Dive |
| CVE-2023-34478 | Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. | Apache Software Foundation | Apache Shiro | 超危 | - | 2023-07-24 18:24:46 | Deep Dive |
| CVE-2023-28754 | ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent | Apache Software Foundation | ShardingSphere-Agent | 高危 | - | 2023-07-19 07:15:31 | Deep Dive |
| CVE-2023-26512 | Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data | Apache Software Foundation | Apache EventMesh (incubating) RabbitMQ connector | 超危 | - | 2023-07-17 07:16:12 | Deep Dive |
| CVE-2023-37415 | Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user | Apache Software Foundation | Apache Airflow Apache Hive Provider | 高危 | - | 2023-07-13 07:35:33 | Deep Dive |
| CVE-2022-45855 | Apache Ambari: Allows authenticated metrics consumers to perform RCE | Apache Software Foundation | Apache Ambari | High | 8.0 | 2023-07-12 09:59:44 | Deep Dive |
| CVE-2022-42009 | Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. | Apache Software Foundation | Apache Ambari | High | 8.0 | 2023-07-12 09:58:20 | Deep Dive |
| CVE-2023-37582 | Apache RocketMQ: Possible remote code execution when using the update configuration function | Apache Software Foundation | Apache RocketMQ | 超危 | - | 2023-07-12 09:26:19 | Deep Dive |
| CVE-2023-22888 | Apache Airflow: Scheduler remote DoS | Apache Software Foundation | Apache Airflow | 中危 | - | 2023-07-12 09:17:55 | Deep Dive |
| CVE-2023-36543 | Apache Airflow: ReDoS via dags function | Apache Software Foundation | Apache Airflow | 中危 | - | 2023-07-12 09:17:34 | Deep Dive |
| CVE-2022-46651 | Apache Airflow: Security vulnerability on AirFlow Connections | Apache Software Foundation | Apache Airflow | 中危 | - | 2023-07-12 09:17:07 | Deep Dive |
| CVE-2023-22887 | Apache Airflow path traversal by authenticated user | Apache Software Foundation | Apache Airflow | 中危 | - | 2023-07-12 09:14:26 | Deep Dive |
| CVE-2023-35908 | Apache Airflow: Access to DAGs without relevant permission | Apache Software Foundation | Apache Airflow | 中危 | - | 2023-07-12 09:14:10 | Deep Dive |
| CVE-2023-30428 | Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer | Apache Software Foundation | Apache Pulsar Broker | High | 8.2 | 2023-07-12 09:10:03 | Deep Dive |
| CVE-2023-30429 | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy | Apache Software Foundation | Apache Pulsar | Critical | 9.6 | 2023-07-12 09:08:24 | Deep Dive |
| CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | Apache Software Foundation | Apache Pulsar | None | 0.0 | 2023-07-12 09:07:03 | Deep Dive |
| CVE-2023-37579 | Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials | Apache Software Foundation | Apache Pulsar Function Worker | High | 8.2 | 2023-07-12 09:05:24 | Deep Dive |
| CVE-2023-32200 | Apache Jena: Exposure of execution in script engine expressions. | Apache Software Foundation | Apache Jena | 高危 | - | 2023-07-12 07:49:55 | Deep Dive |
| CVE-2023-34442 | Apache Camel JIRA: Temporary file information disclosure in Camel-Jira | Apache Software Foundation | Apache Camel JIRA | 低危 | - | 2023-07-10 09:31:05 | Deep Dive |