| CVE-2022-46751 | Apache Ivy: XML External Entity vulnerability in Apache Ivy | Apache Software Foundation | Apache Ivy | High | - | 2023-08-21 06:55:00 | Deep Dive |
| CVE-2023-40037 | Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs | Apache Software Foundation | Apache NiFi | Medium | - | 2023-08-18 21:54:52 | Deep Dive |
| CVE-2023-40272 | Apache Airflow Spark Provider Arbitrary File Read via JDBC | Apache Software Foundation | Apache Airflow Spark Provider | High | - | 2023-08-17 13:52:31 | Deep Dive |
| CVE-2023-39553 | Apache Airflow Drill Provider Arbitrary File Read Vulnerability | Apache Software Foundation | Apache Airflow Drill Provider | High | - | 2023-08-11 07:18:14 | Deep Dive |
| CVE-2023-33934 | Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies | Apache Software Foundation | Apache Traffic Server | Critical | - | 2023-08-09 06:58:07 | Deep Dive |
| CVE-2022-47185 | Apache Traffic Server: Invalid Range header causes a crash | Apache Software Foundation | Apache Traffic Server | High | - | 2023-08-09 06:57:40 | Deep Dive |
| CVE-2023-37581 | Apache Roller: Roller's weblog category, weblog settings and file-upload features did not properly sanitize input could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users. | Apache Software Foundation | Apache Roller | Medium | - | 2023-08-06 07:21:04 | Deep Dive |
| CVE-2023-39508 | Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges | Apache Software Foundation | Apache Airflow | High | - | 2023-08-05 06:47:15 | Deep Dive |
| CVE-2023-36542 | Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources | Apache Software Foundation | Apache NiFi | High | - | 2023-07-29 07:12:18 | Deep Dive |
| CVE-2023-38647 | Apache Helix: Deserialization vulnerability in Helix workflow and REST | Apache Software Foundation | Apache Helix | Critical | - | 2023-07-26 07:52:30 | Deep Dive |
| CVE-2023-38435 | Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin | Apache Software Foundation | Apache Felix Healthcheck Webconsole Plugin | Medium | - | 2023-07-25 15:40:05 | Deep Dive |
| CVE-2023-37895 | Apache Jackrabbit RMI access can lead to RCE | Apache Software Foundation | Apache Jackrabbit Webapp (jackrabbit-webapp) | Critical | - | 2023-07-25 14:02:10 | Deep Dive |
| CVE-2023-35088 | Apache InLong: SQL injection in audit endpoint | Apache Software Foundation | Apache InLong | Critical | - | 2023-07-25 07:10:19 | Deep Dive |
| CVE-2023-34434 | Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param | Apache Software Foundation | Apache InLong | High | - | 2023-07-25 07:09:59 | Deep Dive |
| CVE-2023-34189 | Apache InLong: General user can delete and update process | Apache Software Foundation | Apache InLong | Medium | - | 2023-07-25 07:08:54 | Deep Dive |
| CVE-2023-34478 | Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. | Apache Software Foundation | Apache Shiro | Critical | - | 2023-07-24 18:24:46 | Deep Dive |
| CVE-2023-28754 | ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent | Apache Software Foundation | ShardingSphere-Agent | High | - | 2023-07-19 07:15:31 | Deep Dive |
| CVE-2023-26512 | Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data | Apache Software Foundation | Apache EventMesh (incubating) RabbitMQ connector | Critical | - | 2023-07-17 07:16:12 | Deep Dive |
| CVE-2023-37415 | Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user | Apache Software Foundation | Apache Airflow Apache Hive Provider | High | - | 2023-07-13 07:35:33 | Deep Dive |
| CVE-2022-45855 | Apache Ambari: Allows authenticated metrics consumers to perform RCE | Apache Software Foundation | Apache Ambari | High | 8.0 | 2023-07-12 09:59:44 | Deep Dive |