Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache NiFi — Vulnerabilities & Security Advisories 42

All 42 CVE vulnerabilities found in Apache NiFi, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates CWE-862 6.5AIMediumAI2026-02-17
CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor CWE-502 7.5AIHighAI2025-12-19
CVE-2025-27017 Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record CWE-538 6.5 -2025-03-12
CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References CWE-638 6.5 -2024-12-28
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log CWE-532 4.9AIMediumAI2024-11-21
CVE-2024-45477 Apache NiFi: Improper Neutralization of Input in Parameter Description CWE-79 4.6 Medium2024-10-29
CVE-2024-37389 Apache NiFi: Improper Neutralization of Input in Parameter Context Description CWE-79 4.6 Medium2024-07-08
CVE-2023-49145 Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt CWE-79 7.9 High2023-11-27
CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs CWE-184 8.1 -2023-08-18
CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources CWE-94 8.8 -2023-07-29
CVE-2023-34212 Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components CWE-502 8.8 -2023-06-12
CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2 CWE-94 8.8 -2023-06-12
CVE-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes CWE-611 7.5 -2023-02-10
CVE-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider CWE-78 8.8 -2022-06-15
CVE-2022-29265 Improper Restriction of XML External Entity References in Multiple Components CWE-611 7.5 -2022-04-30
CVE-2022-26850 Insufficiently protected credentials 4.3 -2022-04-06
CVE-2021-44145 Apache NiFi information disclosure by XXE 6.5 -2021-12-17
CVE-2020-9491 Apache NiFi 加密问题漏洞 7.5 -2020-10-01
CVE-2020-13940 Apache NiFi 代码问题漏洞 5.5 -2020-10-01
CVE-2020-9487 Apache NiFi 访问控制错误漏洞 7.5 -2020-10-01
CVE-2020-9486 Apache NiFi 日志信息泄露漏洞 7.5 -2020-10-01
CVE-2020-1942 Apache NiFi 信息泄露漏洞 7.5 -2020-02-11
CVE-2020-1933 Apache NiFi 跨站脚本漏洞 6.1 -2020-01-28
CVE-2020-1928 Apache NiFi 日志信息泄露漏洞 7.5 -2020-01-28
CVE-2019-10083 Apache NiFi 信息泄露漏洞 4.3 -2019-11-19
CVE-2019-12421 Apache NiFi 代码问题漏洞 8.1 -2019-11-19
CVE-2019-10080 Apache NiFi 代码问题漏洞 7.5 -2019-11-19
CVE-2018-17195 Apache NiFi template upload API 跨站请求伪造漏洞 7.5 -2018-12-19
CVE-2018-17194 Apache NiFi 安全漏洞 7.5 -2018-12-19
CVE-2018-17193 Apache NiFi 跨站脚本漏洞 6.1 -2018-12-19

All 42 known CVE vulnerabilities affecting Apache NiFi with full Chinese analysis, references, and POCs where available.