Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-28330 | read beyond bounds in mod_isapi — Apache HTTP Server | CWE-125 | 5.3 | - | 2022-06-08 |
| CVE-2022-26377 | mod_proxy_ajp: Possible request smuggling — Apache HTTP Server | CWE-444 | 3.7 | - | 2022-06-08 |
| CVE-2022-24969 | bypass of CVE-2021-25640 — Apache Dubbo | CWE-918 | 6.1 | - | 2022-06-06 |
| CVE-2022-30973 | Missing fix for CVE-2022-30126 in 1.28.2 — Apache Tika | | 5.5 | - | 2022-05-31 |
| CVE-2022-29405 | Apache Archiva Arbitrary user password reset vulnerability — Apache Archiva | | 8.1 | - | 2022-05-25 |
| CVE-2022-29599 | Commandline class shell injection vulnerabilities — Apache Maven | CWE-116 | 9.8 | - | 2022-05-23 |
| CVE-2022-26650 | Apache ShenYu (incubating) Regular expression denial of service — Apache ShenYu (incubating) | CWE-1333 | 7.5 | - | 2022-05-17 |
| CVE-2022-30126 | Apache Tika Regular Expression Denial of Service in Standards Extractor — Apache Tika | | 5.5 | - | 2022-05-16 |
| CVE-2022-25169 | Apache Tika BPGParser Memory Usage DoS — Apache Tika | | 5.5 | - | 2022-05-16 |
| CVE-2022-25762 | Response mix-up with WebSocket concurrent send and close — Apache Tomcat | CWE-404 | 9.4 | - | 2022-05-13 |
| CVE-2022-29885 | EncryptInterceptor does not provide complete protection on insecure networks — Apache Tomcat | CWE-400 | 7.5 | - | 2022-05-12 |
| CVE-2022-28890 | Processing external DTDs — Apache Jena | | 9.1 | - | 2022-05-05 |
| CVE-2022-29265 | Improper Restriction of XML External Entity References in Multiple Components — Apache NiFi | CWE-611 | 7.5 | - | 2022-04-30 |
| CVE-2022-23942 | Apache Doris hardcoded cryptography initialization — Apache Doris(Incubating) | CWE-798 | 7.5 | - | 2022-04-26 |
| CVE-2022-24706 | Remote Code Execution Vulnerability in Packaging — Apache CouchDB | CWE-1188 | 9.8 | - | 2022-04-26 |
| CVE-2022-29266 | apisix/jwt-auth may leak secrets in error response — Apache APISIX | CWE-209 | 7.5 | - | 2022-04-20 |
| CVE-2022-27479 | SQL injection vulnerability in chart data API — Apache Superset | CWE-89 | 9.8 | - | 2022-04-13 |
| CVE-2022-24070 | Apache Subversion mod_dav_svn is vulnerable to memory corruption — Apache Subversion | CWE-416 | 9.8 | - | 2022-04-12 |
| CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression — Apache Subversion | CWE-200 | 4.3 | - | 2022-04-12 |
| CVE-2021-31805 | Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. — Apache Struts | CWE-917 | 9.8 | - | 2022-04-12 |
| CVE-2022-26612 | Arbitrary file write in FileUtil#unpackEntries on Windows — Apache Hadoop | | 9.1 | - | 2022-04-07 |
| CVE-2022-26850 | Insufficiently protected credentials — Apache NiFi | | 4.3 | - | 2022-04-06 |
| CVE-2022-23974 | Pinot segment push endpoint has a vulnerability in unprotected environments — Apache Pinot | CWE-674 | 7.5 | - | 2022-04-05 |
| CVE-2022-25598 | Apache DolphinScheduler user registration is vulnerable to ReDoS attacks — Apache DolphinScheduler | CWE-1333 | 7.5 | - | 2022-03-30 |
| CVE-2022-25757 | Apache APISIX: the body_schema check in request-validation plugin can be bypassed — Apache APISIX | CWE-20 | 9.8 | - | 2022-03-28 |
| CVE-2021-44759 | Improper authentication vulnerability in TLS origin verification — Apache Traffic Server | CWE-287 | 7.7 | - | 2022-03-23 |
| CVE-2021-44040 | HTTP request line fuzzing attacks — Apache Traffic Server | CWE-20 | 7.5 | - | 2022-03-23 |
| CVE-2022-26779 | Apache Cloudstack insecure random number generation affects project email invitation — Apache CloudStack | | 8.8 | - | 2022-03-15 |
| CVE-2022-23943 | mod_sed: Read/write beyond bounds — Apache HTTP Server | CWE-787 | 9.1 | - | 2022-03-14 |
| CVE-2022-22721 | core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody — Apache HTTP Server | CWE-190 | 9.1 | - | 2022-03-14 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.