
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger | Apache Airflow | CWE-352 | 8.3 (AI) | High (AI) | 2023-12-21 |
| CVE-2023-37544 | Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS | Apache Pulsar WebSocket Proxy | CWE-287 | 7.5 | High | 2023-12-20 |
| CVE-2023-43826 | Apache Guacamole: Integer overflow in handling of VNC image buffers | Apache Guacamole | CWE-190 | - | - | 2023-12-19 |
| CVE-2023-49734 | Apache Superset: Privilege Escalation Vulnerability | Apache Superset | CWE-863 | 7.7 | High | 2023-12-19 |
| CVE-2023-49736 | Apache Superset: SQL Injection on where_in JINJA macro | Apache Superset | CWE-89 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-46104 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb | Apache Superset | CWE-400 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS | Apache Doris | CWE-863 | 9.1 (AI) | Critical (AI) | 2023-12-18 |
| CVE-2023-30867 | Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability | Apache StreamPark (incubating) | CWE-89 | 6.5 | - | 2023-12-15 |
| CVE-2023-49898 | Apache StreamPark (incubating): Authenticated system users could trigger remote command execution | Apache StreamPark (incubating) | CWE-77 | 8.8 | - | 2023-12-15 |
| CVE-2023-46279 | Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | Apache Dubbo | CWE-502 | 9.8 | - | 2023-12-15 |
| CVE-2023-29234 | Bypass serialize checks in Apache Dubbo | Apache Dubbo | CWE-502 | 9.8 | - | 2023-12-15 |
| CVE-2023-46750 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. | Apache Shiro | CWE-601 | 6.1 (AI) | Medium (AI) | 2023-12-14 |
| CVE-2023-45725 | Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents | Apache CouchDB | CWE-200 | 7.5 (AI) | High (AI) | 2023-12-13 |
| CVE-2023-50164 | Apache Struts: File upload component had a directory traversal vulnerability | Apache Struts | CWE-552 | 9.8 | - | 2023-12-07 |
| CVE-2023-41835 | Apache Struts: excessive disk usage | Apache Struts | CWE-459 | 8.2 | - | 2023-12-05 |
| CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Apache OFBiz | CWE-94 | 9.8 | - | 2023-12-05 |
| CVE-2023-49735 | Apache Tiles: Unvalidated input may lead to path traversal and XXE | Apache Tiles | CWE-22 | 10.0 | - | 2023-11-30 |
| CVE-2023-49733 | Apache Cocoon's StreamGenerator is vulnerable to XXE injection | Apache Cocoon | CWE-611 | 7.5 | - | 2023-11-30 |
| CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for | Apache DolphinScheduler | CWE-862 | 4.3 | - | 2023-11-30 |
| CVE-2022-45135 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction | Apache Cocoon | CWE-89 | 9.8 | - | 2023-11-30 |
| CVE-2023-42504 | Apache Superset: Lack of rate limiting allows for possible denial of service | Apache Superset | CWE-770 | 5.8 | Medium | 2023-11-28 |
| CVE-2023-42505 | Apache Superset: Sensitive information disclosure on db connection details | Apache Superset | CWE-200 | 4.3 | Medium | 2023-11-28 |
| CVE-2023-42502 | Apache Superset: Open Redirect Vulnerability | Apache Superset | CWE-601 | 4.8 | Medium | 2023-11-28 |
| CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers | Apache Tomcat | CWE-444 | 7.5 | - | 2023-11-28 |
| CVE-2022-41678 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE | Apache ActiveMQ | CWE-287 | 8.8 | - | 2023-11-28 |
| CVE-2023-49145 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt | Apache NiFi | CWE-79 | 7.9 | High | 2023-11-27 |
| CVE-2023-43701 | Apache Superset: Stored XSS on API endpoint | Apache Superset | CWE-79 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-42501 | Apache Superset: Unnecessary read permissions within the Gamma role | Apache Superset | CWE-276 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database | Apache Superset | CWE-863 | 6.3 | Medium | 2023-11-27 |
| CVE-2023-49068 | Apache DolphinScheduler: Information Leakage Vulnerability | Apache DolphinScheduler | CWE-200 | 7.5 | - | 2023-11-27 |

Values marked (AI) carry the page's own AI tag on that score or severity; "-" means the page shows no value.

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.