Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-38170 | Overly permissive umask for daemons — Apache Airflow | 4.7 | - | 2022-09-02 |
| CVE-2022-29158 | Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz — Apache OFBiz CWE-1333 | 7.5 | - | 2022-09-02 |
| CVE-2022-29063 | Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz — Apache OFBiz CWE-502 | 9.8 | - | 2022-09-02 |
| CVE-2022-25813 | Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz — Apache OFBiz CWE-1336 | 7.5 | - | 2022-09-02 |
| CVE-2022-25371 | Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz — Apache OFBiz CWE-22 | 9.8 | - | 2022-09-02 |
| CVE-2022-25370 | Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz — Apache OFBiz CWE-79 | 5.4 | - | 2022-09-02 |
| CVE-2022-37435 | Apache ShenYu Admin Improper Privilege Management — Apache ShenYu CWE-732 | 8.8 | - | 2022-09-01 |
| CVE-2022-37023 | Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 — Apache Geode CWE-502 | 8.8 | - | 2022-08-31 |
| CVE-2022-37022 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 — Apache Geode CWE-502 | 9.8 | - | 2022-08-31 |
| CVE-2022-37021 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. — Apache Geode CWE-502 | 9.8 | - | 2022-08-31 |
| CVE-2021-25642 | Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler — Apache Hadoop CWE-502 | 8.8 | - | 2022-08-25 |
| CVE-2022-22728 | libapreq2 multipart form parse memory corruption — libapreq2 CWE-120 | 7.5 | - | 2022-08-25 |
| CVE-2022-35278 | HTML Injection in ActiveMQ Artemis Web Console — Apache ActiveMQ Artemis CWE-80 | 6.1 | - | 2022-08-23 |
| CVE-2022-34916 | Improper Input Validation (JNDI Injection) in JMSMessageConsumer — Apache Flume CWE-20 | 9.8 | - | 2022-08-21 |
| CVE-2022-38362 | Docker Provider <3.0 RCE vulnerability in example dag — Apache Airflow | 8.8 | - | 2022-08-16 |
| CVE-2022-37401 | Apache OpenOffice Weak Master Keys — Apache OpenOffice CWE-331 | 8.8 | - | 2022-08-13 |
| CVE-2022-37400 | Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password — Apache OpenOffice CWE-330 | 6.5 | - | 2022-08-13 |
| CVE-2022-31779 | Improper HTTP/2 scheme and method validation — Apache Traffic Server CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-25763 | Improper input validation on HTTP/2 headers — Apache Traffic Server CWE-444 | 7.5 | - | 2022-08-10 |
| CVE-2021-37150 | Protocol vs scheme mismatch — Apache Traffic Server CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-28129 | Insufficient Validation of HTTP/1.x Headers — Apache Traffic Server CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-31778 | Transfer-Encoding not treated as hop-by-hop — Apache Traffic Server CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-31780 | HTTP/2 framing vulnerabilities — Apache Traffic Server CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-36125 | Integer overflow when reading corrupted .avro file in Avro Rust SDK — Apache Avro CWE-20 | 7.5 | - | 2022-08-09 |
| CVE-2022-36124 | Memory overconsumption in Avro Rust SDK — Apache Avro CWE-770 | 7.5 | - | 2022-08-09 |
| CVE-2022-35724 | Denial of service while reading data in Avro Rust SDK — Apache Avro CWE-20 | 7.5 | - | 2022-08-09 |
| CVE-2022-25168 | Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar — Apache Hadoop CWE-78 | 9.8 | - | 2022-08-04 |
| CVE-2022-34158 | User Group Privilege Escalation — Apache JSPWiki | 8.8 | - | 2022-08-04 |
| CVE-2022-28732 | Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin — Apache JSPWiki | 6.1 | - | 2022-08-04 |
| CVE-2022-28731 | Apache JSPWiki CSRF in UserPreferences.jsp — Apache JSPWiki | 8.8 | - | 2022-08-04 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.