Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Apache DolphinScheduler — Vulnerabilities & Security Advisories 26

All 26 CVE vulnerabilities found in Apache DolphinScheduler, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPaused
CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. CWE-863 8.8AIHighAI2026-04-24
CVE-2025-62233 Apache DolphinScheduler: Deserialization of untrusted data in RPC CWE-502 8.8AIHighAI2026-04-24
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint. CWE-200 7.5AIHighAI2026-04-09
CVE-2024-43166 Apache DolphinScheduler 安全漏洞 CWE-276 9.8AICriticalAI2025-09-03
CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack CWE-20 8.8AIHighAI2025-09-03
CVE-2024-43202 Apache DolphinScheduler: Remote Code Execution Vulnerability CWE-94 9.8AICriticalAI2024-08-20
CVE-2024-30188 Apache DolphinScheduler: Resource File Read And Write Vulnerability CWE-20 8.1AIHighAI2024-08-09
CVE-2024-29831 Apache DolphinScheduler: RCE by arbitrary js execution CWE-20 8.2AIHighAI2024-08-09
CVE-2024-23320 Apache DolphinScheduler: Arbitrary js execution as root for authenticated users CWE-20 5.4 -2024-02-23
CVE-2023-51770 Apache DolphinScheduler: Arbitrary File Read Vulnerability CWE-94 7.5AIHighAI2024-02-20
CVE-2023-50270 Apache DolphinScheduler: Session do not expire after password change CWE-613 9.1AICriticalAI2024-02-20
CVE-2023-49250 Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil CWE-295 7.4AIHighAI2024-02-20
CVE-2023-49109 Remote Code Execution in Apache Dolphinscheduler CWE-94 9.8AICriticalAI2024-02-20
CVE-2023-49299 Apache DolphinScheduler: Arbitrary js execute as root for authenticated users CWE-20 8.2 -2023-12-30
CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for CWE-862 4.3 -2023-11-30
CVE-2023-49068 Apache DolphinScheduler: Information Leakage Vulnerability CWE-200 7.5 -2023-11-27
CVE-2023-48796 Apache dolphinscheduler sensitive information disclosure CWE-200 7.5 -2023-11-24
CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication CWE-287 9.1 -2023-04-20
CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin CWE-20 9.8 -2023-01-04
CVE-2022-26885 Apache DolphinScheduler config file read by task risk 7.5 -2022-11-24
CVE-2022-45462 Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability CWE-77 9.8 -2022-11-23
CVE-2022-34662 Apache DolphinScheduler prior to 3.0.0 allows path traversal CWE-22 6.5 -2022-11-01
CVE-2022-26884 Apache DolphinScheduler exposes files without authentication CWE-22 6.5 -2022-10-28
CVE-2022-25598 Apache DolphinScheduler user registration is vulnerable to ReDoS attacks CWE-1333 7.5 -2022-03-30
CVE-2021-27644 DolphinScheduler mysql jdbc connector parameters deserialize remote code execution CWE-264 8.8 -2021-11-01
CVE-2020-13922 Apache DolphinScheduler (incubating) Permission vulnerability CWE-264 6.5 -2021-01-11

All 26 known CVE vulnerabilities affecting Apache DolphinScheduler with full Chinese analysis, references, and POCs where available.