Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-46801 | Apache Linkis DataSource: DataSource Remote code execution vulnerability — Apache Linkis DataSource | CWE-502 | 8.1 | - | 2024-07-15 |
| CVE-2023-41916 | Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading — Apache Linkis DataSource | CWE-552 | 6.5 | - | 2024-07-15 |
| CVE-2024-36522 | Apache Wicket: Remote code execution via XSLT injection — Apache Wicket | CWE-74 | 9.8 (AI) | Critical (AI) | 2024-07-12 |
| CVE-2024-37389 | Apache NiFi: Improper Neutralization of Input in Parameter Context Description — Apache NiFi | CWE-79 | 4.6 | Medium | 2024-07-08 |
| CVE-2024-38346 | Apache CloudStack: Unauthenticated cluster service port leads to remote execution — Apache CloudStack | CWE-94 | 10.0 | - | 2024-07-05 |
| CVE-2024-39864 | Apache CloudStack: Integration API service uses dynamic port when disabled — Apache CloudStack | CWE-665 | 9.1 | - | 2024-07-05 |
| CVE-2024-39884 | Apache HTTP Server: source code disclosure with handlers configured via AddType — Apache HTTP Server | | 7.5 | - | 2024-07-04 |
| CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS — Apache Tomcat | CWE-755 | 5.3 (AI) | Medium (AI) | 2024-07-03 |
| CVE-2024-39573 | Apache HTTP Server: mod_rewrite proxy handler substitution — Apache HTTP Server | CWE-20 | 9.3 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38477 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request — Apache HTTP Server | CWE-476 | 7.5 | - | 2024-07-01 |
| CVE-2024-38476 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect — Apache HTTP Server | CWE-829 | 9.1 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38475 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. — Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38474 | Apache HTTP Server weakness with encoded question marks in backreferences — Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38473 | Apache HTTP Server proxy encoding problem — Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38472 | Apache HTTP Server on WIndows UNC SSRF — Apache HTTP Server | CWE-918 | 7.5 (AI) | High (AI) | 2024-07-01 |
| CVE-2024-36387 | Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 — Apache HTTP Server | CWE-476 | 7.5 (AI) | High (AI) | 2024-07-01 |
| CVE-2024-29868 | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation — Apache StreamPipes | CWE-338 | 8.1 (AI) | High (AI) | 2024-06-24 |
| CVE-2024-27136 | Apache JSPWiki: Cross-site scripting vulnerability on upload page — Apache JSPWiki | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-06-24 |
| CVE-2024-38379 | Apache Allura: Stored authenticated XSS — Apache Allura | CWE-79 | 4.8 | - | 2024-06-22 |
| CVE-2024-34693 | Apache Superset: Server arbitrary file read — Apache Superset | CWE-20 | 6.8 | Medium | 2024-06-20 |
| CVE-2024-25142 | Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache — Apache Airflow | CWE-525 | 7.5 (AI) | High (AI) | 2024-06-14 |
| CVE-2024-36265 | Apache Submarine Server Core: authorization bypass — Apache Submarine Server Core | CWE-863 | 7.5 (AI) | High (AI) | 2024-06-12 |
| CVE-2024-36264 | Apache Submarine Commons Utils: default secret — Apache Submarine Commons Utils | CWE-287 | 7.5 (AI) | High (AI) | 2024-06-12 |
| CVE-2024-36263 | Apache Submarine Server Core: SQL injection — Apache Submarine Server Core | CWE-89 | 9.8 (AI) | Critical (AI) | 2024-06-12 |
| CVE-2024-36471 | Apache Allura: sensitive information exposure via DNS rebinding — Apache Allura | CWE-20 | 4.9 | - | 2024-06-10 |
| CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE — Apache OFBiz | CWE-22 | 7.5 (AI) | High (AI) | 2024-06-04 |
| CVE-2024-32077 | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details — Apache Airflow | CWE-79 | 7.1 | - | 2024-05-14 |
| CVE-2024-34365 | Apache Karaf Cave: Cave SSRF and arbitrary file access — Apache Karaf Cave | CWE-20 | 9.1 | - | 2024-05-09 |
| CVE-2024-26579 | Apache Inlong JDBC Vulnerability — Apache InLong | CWE-502 | 9.8 (AI) | Critical (AI) | 2024-05-08 |
| CVE-2024-32113 | Apache OFBiz: Path traversal leading to RCE — Apache OFBiz | CWE-22 | 7.5 (AI) | High (AI) | 2024-05-08 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.