Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-42780 | Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature | Apache Airflow | CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-44981 | Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication | Apache ZooKeeper | CWE-639 | 9.1 | - | 2023-10-11 |
| CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient | Apache Tomcat | CWE-20 | 7.5 | - | 2023-10-10 |
| CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests | Apache Tomcat | CWE-459 | 5.3 | - | 2023-10-10 |
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows | Apache Tomcat | CWE-459 | 7.5 | - | 2023-10-10 |
| CVE-2023-39410 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK | Apache Avro Java SDK | CWE-502 | 7.5 | - | 2023-09-29 |
| CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences | Apache Flink Stateful Functions | CWE-113 | 5.4 | - | 2023-09-19 |
| CVE-2023-41267 | Apache HDFS Provider error message suggested installation of incorrect pip package | Apache Airflow HDFS Provider | CWE-829 | 8.8 | - | 2023-09-14 |
| CVE-2023-42503 | Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file | Apache Commons Compress | CWE-20 | 7.5 | - | 2023-09-14 |
| CVE-2023-41081 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request | Apache Tomcat Connectors | - | 6.5 | - | 2023-09-13 |
| CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" | Apache Airflow | CWE-200 | 4.3 | - | 2023-09-12 |
| CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability | Apache Airflow | CWE-863 | 7.1 | - | 2023-09-12 |
| CVE-2023-32672 | Apache Superset: SQL parser edge case bypasses data access authorization | Apache Superset | CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-37941 | Apache Superset: Metadata db write access can lead to remote code execution | Apache Superset | CWE-502 | 6.6 | Medium | 2023-09-06 |
| CVE-2023-39265 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections | Apache Superset | CWE-20 | 3.8 | Low | 2023-09-06 |
| CVE-2023-39264 | Apache Superset: Stack traces enabled by default | Apache Superset | CWE-209 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries | Apache Superset | CWE-863 | 5.0 | Medium | 2023-09-06 |
| CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF | Apache Superset | CWE-918 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | Apache Superset | CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | Apache Superset | CWE-863 | 5.4 | Medium | 2023-09-06 |
| CVE-2023-40743 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | Apache Axis | CWE-20 | 9.8 | - | 2023-09-05 |
| CVE-2023-41180 | Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ | Apache NiFi MiNiFi C++ | CWE-295 | 5.9 | - | 2023-09-03 |
| CVE-2023-40195 | Apache Airflow Spark Provider Deserialization Vulnerability RCE | Apache Airflow Spark Provider | CWE-502 | 8.0 | - | 2023-08-28 |
| CVE-2023-27604 | Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability | Apache Airflow Sqoop Provider | CWE-20 | 8.8 | - | 2023-08-28 |
| CVE-2023-41080 | Apache Tomcat: Open redirect with FORM authentication | Apache Tomcat | CWE-601 | 6.1 | - | 2023-08-25 |
| CVE-2023-39441 | Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation | Apache Airflow SMTP Provider | CWE-295 | 6.8 | - | 2023-08-23 |
| CVE-2023-37379 | Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature | Apache Airflow | CWE-400 | 8.1 | - | 2023-08-23 |
| CVE-2023-40273 | Session fixation in Apache Airflow web interface | Apache Airflow | CWE-384 | 8.8 | - | 2023-08-23 |
| CVE-2022-44729 | Apache XML Graphics Batik: Information disclosure vulnerability | Apache XML Graphics Batik | CWE-918 | 8.2 | - | 2023-08-22 |
| CVE-2022-44730 | Apache XML Graphics Batik: Information disclosure vulnerability | Apache XML Graphics Batik | CWE-918 | 6.5 | - | 2023-08-22 |

The table above shows 30 of the 1676 published CVE security advisories associated with Apache Software Foundation that this site indexes. Each entry links to a detail page with its CVSS score, CWE classification, affected products and references. The CVSS column gives the base score as listed by the source; the CVSS version is not stated on this page, and where the source lists no severity rating or CWE the corresponding column shows "-". An AI-generated Chinese analysis is provided for fast triage.