| CVE-2023-46302 | Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization | Apache Software Foundation | Apache Submarine | - | - | 2023-11-20 08:46:56 | Deep Dive |
| CVE-2023-26031 | Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems | Apache Software Foundation | Apache Hadoop | High | - | 2023-11-16 08:15:51 | Deep Dive |
| CVE-2023-42781 | Apache Airflow: Permission verification bypass allows viewing dagruns of other dags | Apache Software Foundation | Apache Airflow | Medium | - | 2023-11-12 13:14:10 | Deep Dive |
| CVE-2023-47037 | Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) | Apache Software Foundation | Apache Airflow | Medium | - | 2023-11-12 13:12:23 | Deep Dive |
| CVE-2023-47248 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | Apache Software Foundation | PyArrow | Critical | - | 2023-11-09 08:17:08 | Deep Dive |
| CVE-2023-39913 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats | Apache Software Foundation | Apache UIMA Java SDK Core | High | - | 2023-11-08 08:04:24 | Deep Dive |
| CVE-2023-46819 | Apache OFBiz: Execution of Solr plugin queries without authentication | Apache Software Foundation | Apache OFBiz | Medium | - | 2023-11-07 11:02:03 | Deep Dive |
| CVE-2023-46851 | Apache Allura: sensitive information exposure via import | Apache Software Foundation | Apache Allura | Medium | - | 2023-11-07 08:56:35 | Deep Dive |
| CVE-2023-46215 | Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend | Apache Software Foundation | Apache Airflow Celery provider | High | - | 2023-10-28 07:10:58 | Deep Dive |
| CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | Apache Software Foundation | Apache ActiveMQ | Critical | 10.0 | 2023-10-27 14:59:31 | Deep Dive |
| CVE-2023-46288 | Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set | Apache Software Foundation | Apache Airflow | Medium | - | 2023-10-23 18:13:04 | Deep Dive |
| CVE-2023-31122 | Apache HTTP Server: mod_macro buffer over-read | Apache Software Foundation | Apache HTTP Server | High | - | 2023-10-23 06:52:00 | Deep Dive |
| CVE-2023-43622 | Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 | Apache Software Foundation | Apache HTTP Server | High | - | 2023-10-23 06:50:52 | Deep Dive |
| CVE-2023-45802 | Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST | Apache Software Foundation | Apache HTTP Server | Medium | - | 2023-10-23 06:50:24 | Deep Dive |
| CVE-2023-44483 | Apache Santuario: Private Key disclosure in debug-log output | Apache Software Foundation | Apache Santuario | Medium | - | 2023-10-20 09:23:53 | Deep Dive |
| CVE-2023-46227 | Apache InLong has an Arbitrary File Read Vulnerability | Apache Software Foundation | Apache InLong | High | - | 2023-10-19 09:40:46 | Deep Dive |
| CVE-2023-25753 | Server-Side Request Forgery in Apache ShenYu | Apache Software Foundation | Apache ShenYu | Medium | - | 2023-10-19 08:35:24 | Deep Dive |
| CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort | Apache Software Foundation | Apache Traffic Server | High | - | 2023-10-17 06:58:18 | Deep Dive |
| CVE-2023-41752 | Apache Traffic Server: s3_auth plugin problem with hash calculation | Apache Software Foundation | Apache Traffic Server | High | - | 2023-10-17 06:57:48 | Deep Dive |
| CVE-2023-43666 | Apache InLong: General user Unauthorized access User Management | Apache Software Foundation | Apache InLong | Medium | - | 2023-10-16 08:08:10 | Deep Dive |