
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-38294 | Shell Command Injection Vulnerability in Nimbus Thrift Server | Apache Storm | CWE-74 | 9.8 | - | 2021-10-25 |
| CVE-2021-41971 | Possible SQL Injection when template processing is enabled | Apache Superset | CWE-89 | 8.8 | - | 2021-10-18 |
| CVE-2021-32609 | XSS vulnerability on Explore page | Apache Superset | CWE-79 | 6.4 | - | 2021-10-18 |
| CVE-2021-42340 | DoS via memory leak with WebSocket connections | Apache Tomcat | CWE-772 | 7.5 | - | 2021-10-14 |
| CVE-2021-38295 | Privilege escalation vulnerability when using HTML attachments | Apache CouchDB | - | 7.3 | - | 2021-10-14 |
| CVE-2021-42009 | Apache Traffic Control Traffic Ops Email Injection Vulnerability | Apache Traffic Control | CWE-20 | 4.3 | - | 2021-10-12 |
| CVE-2021-41832 | Content Manipulation with Certificate Validation Attack | Apache OpenOffice | CWE-347 | 7.5 | - | 2021-10-11 |
| CVE-2021-41831 | Timestamp Manipulation with Signature Wrapping | Apache OpenOffice | CWE-347 | 4.0 | - | 2021-10-11 |
| CVE-2021-41830 | Double Certificate Attack | Apache OpenOffice | CWE-347 | 7.5 | - | 2021-10-11 |
| CVE-2021-42013 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | Apache HTTP Server | CWE-22 | 9.8 | - | 2021-10-07 |
| CVE-2021-40439 | Billion Laughs | Apache OpenOffice | CWE-611 | 8.1 | - | 2021-10-07 |
| CVE-2021-28129 | DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid | Apache OpenOffice | CWE-284 | 7.1 | - | 2021-10-07 |
| CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | Apache HTTP Server | CWE-22 | 9.1 | - | 2021-10-05 |
| CVE-2021-41524 | null pointer dereference in h2 fuzzing | Apache HTTP Server | CWE-476 | 7.5 | - | 2021-10-05 |
| CVE-2021-41616 | Apache ddlutils 1.0 readobject vulnerability | Apache DB ddlutils | CWE-502 | 9.8 | - | 2021-09-30 |
| CVE-2021-36749 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920) | Apache Druid | - | 6.5 | - | 2021-09-24 |
| CVE-2021-33035 | Buffer overflow from a crafted DBF file | Apache OpenOffice | CWE-120 | 7.8 | - | 2021-09-23 |
| CVE-2021-38153 | Timing Attack Vulnerability for Apache Kafka Connect and Clients | Apache Kafka | CWE-203 | 5.9 | - | 2021-09-22 |
| CVE-2021-40690 | Bypass of the secureValidation property | Apache Santuario | CWE-200 | 7.5 | - | 2021-09-19 |
| CVE-2021-41303 | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass | Apache Shiro | CWE-287 | 9.8 | - | 2021-09-17 |
| CVE-2021-41079 | Apache Tomcat DoS with unexpected TLS packet | Apache Tomcat | CWE-20 | 7.5 | - | 2021-09-16 |
| CVE-2021-40438 | mod_proxy SSRF | Apache HTTP Server | CWE-918 | 8.1 | - | 2021-09-16 |
| CVE-2021-39275 | ap_escape_quotes buffer overflow | Apache HTTP Server | - | 9.8 | - | 2021-09-16 |
| CVE-2021-39239 | XML External Entity (XXE) vulnerability | Apache Jena | - | 7.5 | - | 2021-09-16 |
| CVE-2021-36160 | mod_proxy_uwsgi out of bound read | Apache HTTP Server | CWE-125 | 7.5 | - | 2021-09-16 |
| CVE-2021-34798 | NULL pointer dereference in httpd core | Apache HTTP Server | CWE-476 | 7.5 | - | 2021-09-16 |
| CVE-2021-40146 | A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java | Apache Any23 | - | 9.8 | - | 2021-09-11 |
| CVE-2021-38555 | An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java | Apache Any23 | - | 9.1 | - | 2021-09-11 |
| CVE-2021-38540 | Apache Airflow: Variable Import endpoint missed authentication check | Apache Airflow | CWE-269 | 9.8 | - | 2021-09-09 |
| CVE-2021-37579 | Bypass deserialization checks in Apache Dubbo | Apache Dubbo | - | 9.8 | - | 2021-09-09 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.