Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-22720 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier — Apache HTTP Server | CWE-444 | 9.8 | - | 2022-03-14 |
| CVE-2022-22719 | mod_lua Use of uninitialized value of in r:parsebody — Apache HTTP Server | CWE-665 | 7.5 | - | 2022-03-14 |
| CVE-2021-38296 | Apache Spark Key Negotiation Vulnerability — Apache Spark | CWE-294 | 7.5 | - | 2022-03-10 |
| CVE-2022-25312 | An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor — Apache Any23 | - | 9.1 | - | 2022-03-04 |
| CVE-2022-26336 | A carefully crafted TNEF file can cause an out of memory exception — poi-scratchpad | CWE-770 | 5.5 | - | 2022-03-04 |
| CVE-2022-24948 | Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen — Apache JSPWiki | - | 6.1 | - | 2022-02-25 |
| CVE-2022-24947 | Apache JSPWiki CSRF Account Takeover — Apache JSPWiki | - | 8.8 | - | 2022-02-25 |
| CVE-2022-24288 | Apache Airflow: RCE in example DAGs — Apache Airflow | CWE-78 | 8.8 | - | 2022-02-25 |
| CVE-2021-45229 | Apache Airflow: Reflected XSS via Origin Query Argument in URL — Apache Airflow | CWE-79 | 6.1 | - | 2022-02-25 |
| CVE-2022-24289 | Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions — Apache Cayenne | CWE-502 | 8.8 | - | 2022-02-11 |
| CVE-2022-24112 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header — Apache APISIX | CWE-290 | 9.8 | - | 2022-02-11 |
| CVE-2021-44521 | Remote code execution for scripted UDFs — Apache Cassandra | CWE-94 | 9.1 | - | 2022-02-11 |
| CVE-2022-22931 | Path traversal in Apache James 3.6.1 — Apache James | CWE-22 | 4.3 | - | 2022-02-07 |
| CVE-2022-23206 | Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth — Apache Traffic Control | CWE-918 | 7.5 | - | 2022-02-06 |
| CVE-2022-23913 | Apache ActiveMQ Artemis DoS — Apache ActiveMQ Artemis | CWE-770 | 7.5 | - | 2022-02-04 |
| CVE-2021-36152 | Insecure TrustManager used in LDAP connections — Apache Gobblin | - | 9.8 | - | 2022-02-04 |
| CVE-2021-36151 | Local Credentials Disclosure Vulnerability — Apache Gobblin | - | 5.5 | - | 2022-02-04 |
| CVE-2021-44451 | API sensitive information leak — Apache Superset | CWE-522 | 6.5 | - | 2022-02-01 |
| CVE-2021-41571 | Pulsar Admin API allows access to data from other tenants using getMessageById API — Apache Pulsar | CWE-863 | 6.5 | - | 2022-02-01 |
| CVE-2022-23181 | Local privilege escalation with FileStore — Apache Tomcat | CWE-367 | 7.0 | - | 2022-01-27 |
| CVE-2022-22932 | Path traversal flaws — Apache Karaf | - | - | - | 2022-01-26 |
| CVE-2021-41766 | Insecure Java Deserialization in Apache Karaf — Apache Karaf | - | 8.1 | - | 2022-01-26 |
| CVE-2022-23945 | Apache ShenYu missing authentication allows gateway registration — Apache ShenYu (incubating) | CWE-862 | 9.1 | - | 2022-01-25 |
| CVE-2022-23944 | Apache ShenYu 2.4.1 Improper access control — Apache ShenYu (incubating) | CWE-862 | 9.1 | - | 2022-01-25 |
| CVE-2022-23223 | Apache ShenYu Password leakage — Apache ShenYu (incubating) | CWE-522 | 7.5 | - | 2022-01-25 |
| CVE-2021-45029 | Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection — Apache ShenYu (incubating) | CWE-94 | 9.8 | - | 2022-01-25 |
| CVE-2022-23437 | Infinite loop within Apache XercesJ xml parser — Apache Xerces | - | 7.5 | - | 2022-01-24 |
| CVE-2022-22733 | Access-Token in ElasticJob UI causes password disclosure — Apache ShardingSphere ElasticJob-UI | CWE-200 | 8.1 | - | 2022-01-20 |
| CVE-2021-45230 | Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver — Apache Airflow | - | 6.5 | - | 2022-01-20 |
| CVE-2022-23307 | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. — Apache Log4j 1.x | CWE-502 | 9.8 | - | 2022-01-18 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.