Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class — Apache Spark (CWE-269) | 6.4 | Medium | 2023-04-17 |
| CVE-2023-30771 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench — Apache IoTDB Workbench (CWE-863) | 9.8 | - | 2023-04-17 |
| CVE-2023-24831 | Apache IoTDB grafana-connector Login Bypass Vulnerability — Apache IoTDB (CWE-287) | 8.8 | - | 2023-04-17 |
| CVE-2022-47501 | Apache OFBiz: Arbitrary file reading vulnerability — Apache OFBiz (CWE-22) | 7.5 | - | 2023-04-14 |
| CVE-2022-45064 | Apache Sling Engine: Include-based XSS — Apache Sling Engine (CWE-79) | 8.0 | High | 2023-04-13 |
| CVE-2023-30465 | Apache InLong: SQL injection in apache inLong 1.5.0 — Apache InLong (CWE-89) | 5.3 | - | 2023-04-11 |
| CVE-2023-29216 | Apache Linkis DatasourceManager module has a deserialization command execution — Apache Linkis (CWE-502) | 9.8 | - | 2023-04-10 |
| CVE-2023-27987 | Apache Linkis gateway module token authentication bypass — Apache Linkis (CWE-326) | 9.1 | - | 2023-04-10 |
| CVE-2023-27603 | Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue — Apache Linkis (CWE-22) | 9.8 | - | 2023-04-10 |
| CVE-2023-27602 | Apache Linkis publicsercice module unrestricted upload of file — Apache Linkis (CWE-434) | 9.8 | - | 2023-04-10 |
| CVE-2023-29215 | Apache Linkis JDBC EngineCon has a deserialization command execution — Apache Linkis (CWE-502) | 9.8 | - | 2023-04-10 |
| CVE-2023-28710 | Apache Airflow Spark Provider Arbitrary File Read via JDBC — Apache Airflow Spark Provider (CWE-20) | - | - | 2023-04-07 |
| CVE-2023-28706 | Apache Airflow Hive Provider Beeline Remote Command Execution — Apache Airflow Hive Provider (CWE-94) | 9.8 | - | 2023-04-07 |
| CVE-2023-28707 | Airflow Apache Drill Provider Arbitrary File Read Vulnerability — Apache Airflow Drill Provider (CWE-20) | - | - | 2023-04-07 |
| CVE-2023-26269 | Apache James server: Privilege escalation through unauthenticated JMX — Apache James server (CWE-862) | 7.8 | - | 2023-04-03 |
| CVE-2023-28935 | Apache UIMA DUCC: DUCC (EOL) allows RCE — Apache UIMA DUCC (CWE-77) | 8.8 | - | 2023-03-30 |
| CVE-2023-28158 | Apache Archiva privilege escalation — Apache Archiva (CWE-79) | 6.5 | Medium | 2023-03-29 |
| CVE-2023-28326 | Apache OpenMeetings: allows user impersonation — Apache OpenMeetings (CWE-306) | 9.8 | - | 2023-03-28 |
| CVE-2023-25197 | apache fineract: SQL injection vulnerability in certain procedure calls — apache fineract (CWE-89) | 9.8 | - | 2023-03-28 |
| CVE-2023-25196 | Apache Fineract: SQL injection vulnerability — Apache Fineract (CWE-89) | 8.1 | - | 2023-03-28 |
| CVE-2023-25195 | Apache Fineract: SSRF template type vulnerability in certain authenticated users — Apache Fineract (CWE-918) | 8.1 | - | 2023-03-28 |
| CVE-2023-27296 | Apache InLong: JDBC Deserialization Vulnerability in InLong — Apache InLong (CWE-502) | 8.8 | - | 2023-03-27 |
| CVE-2022-47502 | Apache OpenOffice: Macro URL arbitrary script execution — Apache OpenOffice (CWE-20) | 7.3 | - | 2023-03-24 |
| CVE-2022-38745 | Apache OpenOffice: Empty entry in Java class path — Apache OpenOffice (CWE-94) | 9.8 | - | 2023-03-24 |
| CVE-2023-28708 | Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations — Apache Tomcat (CWE-523) | 6.5 | - | 2023-03-22 |
| CVE-2023-26513 | Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS — Apache Sling Resource Merger (CWE-834) | 7.5 | High | 2023-03-20 |
| CVE-2023-25695 | Information disclosure in Apache Airflow — Apache Airflow (CWE-209) | 5.3 | - | 2023-03-15 |
| CVE-2023-26464 | Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender — Apache Log4j (CWE-502) | 7.5 | - | 2023-03-10 |
| CVE-2023-23638 | Apache Dubbo Deserialization Vulnerability Gadgets Bypass — Apache Dubbo (CWE-502) | 5.0 | Medium | 2023-03-08 |
| CVE-2023-27522 | Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting — Apache HTTP Server (CWE-444) | 5.3 | - | 2023-03-07 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.