
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-31066 | Apache InLong: Insecure direct object references for inlong sources | Apache InLong | CWE-552 | 8.1 | - | 2023-05-22 |
| CVE-2023-31098 | Apache InLong: Weak Password Implementation in InLong | Apache InLong | CWE-521 | 7.4 | - | 2023-05-22 |
| CVE-2023-31101 | Apache InLong: Users who joined later can see the data of deleted users | Apache InLong | CWE-1188 | 5.3 | - | 2023-05-22 |
| CVE-2023-31103 | Apache InLong: Attackers can change the immutable name and type of cluster | Apache InLong | CWE-668 | 8.2 | - | 2023-05-22 |
| CVE-2023-31206 | Apache InLong: Attackers can change the immutable name and type of nodes | Apache InLong | CWE-668 | 8.2 | - | 2023-05-22 |
| CVE-2023-31453 | Apache InLong: IDOR make users can delete others' subscription | Apache InLong | CWE-732 | 7.5 | - | 2023-05-22 |
| CVE-2023-31454 | Apache InLong: IDOR make users can bind any cluster | Apache InLong | CWE-732 | 9.8 | - | 2023-05-22 |
| CVE-2023-31058 | Apache InLong: JDBC URL bypassing by adding blanks | Apache InLong | CWE-502 | 9.8 | - | 2023-05-22 |
| CVE-2023-28709 | Apache Tomcat: Fix for CVE-2023-24998 is incomplete | Apache Tomcat | CWE-193 | 7.5 | - | 2023-05-22 |
| CVE-2022-47937 | Multiple parsing problems in the Apache Sling Commons JSON module | org.apache.sling.commons.json | CWE-20 | 9.1 | - | 2023-05-15 |
| CVE-2023-28936 | Apache OpenMeetings: insufficient check of invitation hash | Apache OpenMeetings | CWE-697 | 7.5 | - | 2023-05-12 |
| CVE-2023-29032 | Apache OpenMeetings: allows bypass authentication | Apache OpenMeetings | CWE-287 | 8.8 | - | 2023-05-12 |
| CVE-2023-29246 | Apache OpenMeetings: allows null-byte Injection | Apache OpenMeetings | CWE-20 | 7.2 | - | 2023-05-12 |
| CVE-2023-25754 | Apache Airflow: Privilege escalation using airflow logs | Apache Airflow | CWE-270 | 7.5 | - | 2023-05-08 |
| CVE-2023-29247 | Stored XSS on Apache Airflow | Apache Airflow | CWE-79 | 6.1 | - | 2023-05-08 |
| CVE-2023-31039 | Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution | Apache bRPC | CWE-20 | 9.8 | - | 2023-05-08 |
| CVE-2023-31038 | Apache Log4cxx: SQL injection when using ODBC appender | Apache Log4cxx | CWE-89 | 7.2 | - | 2023-05-08 |
| CVE-2021-40331 | Permissions problem in the Apache Ranger Hive Plugin | Apache Ranger Hive Plugin | CWE-732 | 6.5 | - | 2023-05-05 |
| CVE-2022-45048 | Apache Ranger: code execution vulnerability in policy expressions | Apache Ranger | CWE-74 | 8.4 | High | 2023-05-05 |
| CVE-2023-26268 | Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes | Apache CouchDB | CWE-200 | 4.4 | Medium | 2023-05-02 |
| CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI | Apache Spark | CWE-77 | 8.8 | - | 2023-05-02 |
| CVE-2022-46365 | Apache StreamPark (incubating): Logic error causing any account reset | Apache StreamPark (incubating) | CWE-20 | 8.1 | - | 2023-05-01 |
| CVE-2022-45801 | Apache StreamPark (incubating): LDAP Injection Vulnerability | Apache StreamPark (incubating) | CWE-74 | 9.1 | - | 2023-05-01 |
| CVE-2022-45802 | Apache StreamPark (incubating): Upload any file to any directory | Apache StreamPark (incubating) | CWE-434 | 8.1 | - | 2023-05-01 |
| CVE-2023-22665 | Apache Jena: Exposure of arbitrary execution in script engine expressions | Apache Jena | CWE-917 | 6.1 | - | 2023-04-25 |
| CVE-2023-30776 | Apache Superset: Database connection password leak | Apache Superset | CWE-522 | 4.9 | Medium | 2023-04-24 |
| CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | Apache Superset | CWE-1188 | 8.9 | High | 2023-04-24 |
| CVE-2023-25601 | Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication | Apache DolphinScheduler | CWE-287 | 9.1 | - | 2023-04-20 |
| CVE-2023-25504 | Apache Superset: Possible SSRF on import datasets | Apache Superset | CWE-918 | 4.9 | Medium | 2023-04-17 |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | Apache Superset | CWE-863 | 3.1 | Low | 2023-04-17 |

A "-" in the Severity column means the listing gives no qualitative rating for that entry; the numeric CVSS score is still shown.

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.