Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-23305 | SQL injection in JDBC Appender in Apache Log4j V1 — Apache Log4j 1.x | CWE-89 | 9.8 | - | 2022-01-18 |
| CVE-2022-23302 | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x — Apache Log4j 1.x | CWE-502 | 8.8 | - | 2022-01-18 |
| CVE-2021-42357 | DOM based XSS Vulnerability in Apache Knox — Apache Knox | CWE-79 | 6.1 | - | 2022-01-17 |
| CVE-2021-43999 | Improper validation of SAML responses — Apache Guacamole | CWE-287 | 8.8 | - | 2022-01-11 |
| CVE-2021-41767 | Private tunnel identifier may be included in the non-private details of active connections — Apache Guacamole | CWE-200 | 6.5 | - | 2022-01-11 |
| CVE-2021-43297 | Dubbo Hessian cause RCE when parse error — Apache Dubbo | CWE-502 | 9.8 | - | 2022-01-10 |
| CVE-2021-43045 | Possible DOS vulnerabilities in C# Avro SDK — Apache Avro | CWE-770 | 7.5 | - | 2022-01-06 |
| CVE-2021-45458 | Hardcoded credentials — Apache Kylin | CWE-798 | 7.5 | - | 2022-01-06 |
| CVE-2021-45457 | Overly broad CORS configuration — Apache Kylin | | 7.5 | - | 2022-01-06 |
| CVE-2021-45456 | Command injection — Apache Kylin | | 9.8 | - | 2022-01-06 |
| CVE-2021-36774 | Mysql JDBC Connector Deserialize RCE — Apache Kylin | | 6.5 | - | 2022-01-06 |
| CVE-2021-31522 | Apache Kylin unsafe class loading — Apache Kylin | | 9.8 | - | 2022-01-06 |
| CVE-2021-27738 | Improper Access Control to Streaming Coordinator & SSRF — Apache Kylin | CWE-918 | 7.5 | - | 2022-01-06 |
| CVE-2021-36739 | XSS vulnerability in the MVCBean JSP portlet maven archetype — Apache Portals | CWE-79 | 6.1 | - | 2022-01-06 |
| CVE-2021-36738 | XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet — Apache Portals | CWE-79 | 6.1 | - | 2022-01-06 |
| CVE-2021-36737 | XSS in V3 Demo Portlet — Apache Portals | CWE-79 | 6.1 | - | 2022-01-06 |
| CVE-2021-40525 | Sieve file storage vulnerable to path traversal attacks — Apache James | CWE-22 | 9.1 | - | 2022-01-04 |
| CVE-2021-40111 | Apache James IMAP parsing Denial Of Service — Apache James | | 6.5 | - | 2022-01-04 |
| CVE-2021-40110 | Apache James IMAP vulnerable to a ReDoS — Apache James | | 7.5 | - | 2022-01-04 |
| CVE-2021-38542 | Apache James vulnerable to STARTTLS command injection (IMAP and POP3) — Apache James | CWE-77 | 5.9 | - | 2022-01-04 |
| CVE-2021-34797 | Apache Geode project log file redaction of sensitive information vulnerability — Apache Geode | CWE-532 | 7.5 | - | 2022-01-04 |
| CVE-2021-44832 | Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration — Apache Log4j2 | CWE-20 | 6.6 | - | 2021-12-28 |
| CVE-2021-45232 | security vulnerability on unauthorized access. — Apache APISIX Dashboard | CWE-306 | 9.8 | - | 2021-12-27 |
| CVE-2021-44548 | Apache Solr information disclosure vulnerability through DataImportHandler — Apache Solr | CWE-40 | 8.8 | - | 2021-12-23 |
| CVE-2021-44224 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier — Apache HTTP Server | CWE-476 | 8.2 | - | 2021-12-20 |
| CVE-2021-41561 | Apache Parquet-MR potential DoS in case of malicious Parquet file — Apache Parquet | CWE-20 | 7.5 | - | 2021-12-20 |
| CVE-2021-44790 | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier — Apache HTTP Server | CWE-787 | 9.8 | - | 2021-12-20 |
| CVE-2021-43083 | Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response — Apache PLC4X | CWE-119 | 8.1 | - | 2021-12-19 |
| CVE-2021-45105 | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation — Apache Log4j2 | CWE-20 | 5.9 | - | 2021-12-18 |
| CVE-2021-44145 | Apache NiFi information disclosure by XXE — Apache NiFi | | 6.5 | - | 2021-12-17 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.