
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-43721 | Apache Superset: Open Redirect Vulnerability | Apache Superset | CWE-601 | 5.4 | - | 2023-01-16 |
| CVE-2022-43720 | Apache Superset: Improper rendering of user input | Apache Superset | CWE-74 | 4.6 | - | 2023-01-16 |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | Apache Superset | CWE-352 | 8.8 | - | 2023-01-16 |
| CVE-2022-43718 | Apache Superset: Cross-Site Scripting vulnerability on upload forms | Apache Superset | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2022-43717 | Apache Superset: Cross-Site Scripting on dashboards | Apache Superset | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2023-22602 | Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request | Apache Shiro | CWE-436 | 7.5 | - | 2023-01-14 |
| CVE-2022-46769 | Apache Sling App CMS: XSS in CMS Site Group Detail | Apache Sling App CMS | CWE-79 | 5.4 | - | 2023-01-09 |
| CVE-2022-45935 | Apache James server: Temporary File Information Disclosure | Apache James server | CWE-668 | 5.5 | - | 2023-01-06 |
| CVE-2022-45787 | Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider | Apache James MIME4J | CWE-312 | 5.5 | - | 2023-01-06 |
| CVE-2022-45875 | Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin | Apache DolphinScheduler | CWE-20 | 9.8 | - | 2023-01-04 |
| CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping | Apache Tomcat | CWE-116 | 7.5 | - | 2023-01-03 |
| CVE-2022-44621 | Apache Kylin: Command injection by Diagnosis Controller | Apache Kylin | | 9.8 | - | 2022-12-30 |
| CVE-2022-43396 | Apache Kylin: Command injection by Useless configuration | Apache Kylin | | 8.8 | - | 2022-12-30 |
| CVE-2022-45347 | Apache ShardingSphere-Proxy: MySQL authentication bypass | Apache ShardingSphere-Proxy | CWE-459 | 9.8 | - | 2022-12-22 |
| CVE-2022-40145 | Apache Karaf: JDBC JAAS LDAP injection | Apache Karaf | CWE-74 | 9.8 | - | 2022-12-21 |
| CVE-2022-46421 | Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params | Apache Airflow Hive Provider | CWE-77 | 9.8 | - | 2022-12-20 |
| CVE-2022-40743 | Apache Traffic Server: Security issues with the xdebug plugin | Apache Traffic Server | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-37392 | Apache Traffic Server: Improperly reading the client requests | Apache Traffic Server | CWE-754 | 8.2 | - | 2022-12-19 |
| CVE-2022-32749 | Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins | Apache Traffic Server | CWE-754 | 7.5 | - | 2022-12-19 |
| CVE-2022-47500 | Apache Helix: Open redirect | Apache Helix | CWE-601 | 6.1 | - | 2022-12-19 |
| CVE-2022-46870 | Apache Zeppelin: Stored XSS in note permissions | Apache Zeppelin | CWE-79 | 5.4 | - | 2022-12-16 |
| CVE-2021-28655 | Apache Zeppelin: Arbitrary file deletion vulnerability | Apache Zeppelin | CWE-20 | 8.2 | - | 2022-12-16 |
| CVE-2022-32531 | Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification | Apache BookKeeper | CWE-295 | 5.9 | - | 2022-12-15 |
| CVE-2022-34271 | Apache Atlas: zip path traversal in import functionality | Apache Atlas | CWE-22 | 8.1 | - | 2022-12-14 |
| CVE-2022-46364 | Apache CXF SSRF Vulnerability | Apache CXF | CWE-918 | 9.1 | - | 2022-12-13 |
| CVE-2022-46363 | Apache CXF directory listing / code exfiltration | Apache CXF | CWE-20 | 9.1 | - | 2022-12-13 |
| CVE-2022-45910 | Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities | Apache ManifoldCF | CWE-90 | 8.2 | - | 2022-12-07 |
| CVE-2021-37533 | Apache Commons Net's FTP client trusts the host from PASV response by default | Apache Commons Net | CWE-20 | 6.5 | - | 2022-12-03 |
| CVE-2022-46366 | Apache Tapestry prior to version 4 (EOL) allows RCE through deserialization of untrusted input | Apache Tapestry | CWE-502 | 9.8 | - | 2022-12-02 |
| CVE-2022-44635 | Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal | Apache Fineract | CWE-22 | 8.8 | - | 2022-11-29 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.