Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-26885 | Apache DolphinScheduler config file read by task risk — Apache DolphinScheduler | 7.5 | - | 2022-11-24 |
| CVE-2022-45462 | Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability — Apache DolphinScheduler, CWE-77 | 9.8 | - | 2022-11-23 |
| CVE-2022-38649 | Apache Airflow Pinot provider allowed Command Injection — Apache Airflow Pinot Provider, CWE-78 | 9.8 | - | 2022-11-22 |
| CVE-2022-40189 | Apache Airflow Pig Provider RCE — Apache Airflow Pig Provider, CWE-78 | 9.8 | - | 2022-11-22 |
| CVE-2022-40954 | Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files — Apache Airflow Spark Provider, CWE-78 | 5.5 | - | 2022-11-22 |
| CVE-2022-41131 | Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) — Apache Airflow Hive Provider, CWE-78 | 8.4 | - | 2022-11-22 |
| CVE-2022-45470 | Apache Hama allows XSS and information disclosure — Apache Hama, CWE-20 | 6.5 | - | 2022-11-21 |
| CVE-2022-45047 | Apache MINA SSHD: Java unsafe deserialization vulnerability — Apache MINA SSHD, CWE-502 | 9.8 | - | 2022-11-16 |
| CVE-2022-40308 | Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files — Apache Archiva | 7.5 | - | 2022-11-15 |
| CVE-2022-40309 | Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories — Apache Archiva | 4.3 | - | 2022-11-15 |
| CVE-2022-45402 | Apache Airflow: Open redirect during login — Apache Airflow, CWE-601 | 6.1 | - | 2022-11-15 |
| CVE-2022-27949 | Apache Airflow prior to 2.3.1 may include sensitive values in rendered template — Apache Airflow, CWE-200 | 7.5 | - | 2022-11-14 |
| CVE-2022-40127 | Apache Airflow <2.4.0 has an RCE in a bash example — Apache Airflow, CWE-94 | 8.8 | - | 2022-11-14 |
| CVE-2022-45136 | Apache Jena SDB allows arbitrary deserialisation via JDBC — Apache Jena SDB, CWE-502 | 9.8 | - | 2022-11-14 |
| CVE-2022-45378 | Apache SOAP allows unauthenticated users to potentially invoke arbitrary code — Apache SOAP, CWE-306 | 9.8 | - | 2022-11-14 |
| CVE-2022-37865 | Apache Ivy allows creating/overwriting any file on the system — Apache Ivy | 9.1 | - | 2022-11-07 |
| CVE-2022-37866 | Apache Ivy allows path traversal in the presence of a malicious repository — Apache Ivy, CWE-22 | 7.5 | - | 2022-11-07 |
| CVE-2022-42920 | Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing — Apache Commons BCEL, CWE-787 | 9.8 | - | 2022-11-07 |
| CVE-2022-33684 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation — Apache Pulsar, CWE-295 | 8.1 | - | 2022-11-04 |
| CVE-2022-32287 | Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives — Apache UIMA, CWE-22 | 9.1 | - | 2022-11-03 |
| CVE-2022-43670 | XSS in Sling CMS Reference App Taxonomy Path — Apache Sling App CMS, CWE-79 | 5.4 | - | 2022-11-02 |
| CVE-2022-43982 | Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL — Apache Airflow, CWE-79 | 6.1 | - | 2022-11-02 |
| CVE-2022-43985 | Apache Airflow prior to 2.4.2 has an open redirect — Apache Airflow, CWE-601 | 6.1 | - | 2022-11-02 |
| CVE-2022-31777 | Apache Spark XSS vulnerability in log viewer UI Javascript — Apache Spark, CWE-74 | 5.4 | - | 2022-11-01 |
| CVE-2022-34662 | Apache DolphinScheduler prior to 3.0.0 allows path traversal — Apache DolphinScheduler, CWE-22 | 6.5 | - | 2022-11-01 |
| CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length — Apache Tomcat, CWE-444 | 8.2 | - | 2022-11-01 |
| CVE-2022-26884 | Apache DolphinScheduler exposes files without authentication — Apache DolphinScheduler, CWE-22 | 6.5 | - | 2022-10-28 |
| CVE-2022-39944 | The Apache Linkis JDBC EngineConn module has a RCE Vulnerability — Apache Linkis | 8.8 | - | 2022-10-26 |
| CVE-2022-42468 | Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource — Apache Flume, CWE-20 | 9.8 | - | 2022-10-26 |
| CVE-2022-43766 | Apache IoTDB prior to 0.13.3 allows DoS — Apache IoTDB | 7.5 | - | 2022-10-26 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.