Apache Software Foundation — Vulnerabilities & Security Advisories 1676

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-36161 | Unprotected input value toString cause RCE — Apache Dubbo | 9.8 | - | 2021-09-09 |
| CVE-2021-36163 | Unsafe deserialization in providers using the Hessian protocol — Apache Dubbo | 9.1 | - | 2021-09-07 |
| CVE-2021-36162 | Unprotected yaml deserialization cause RCE — Apache Dubbo | 8.8 | - | 2021-09-07 |
| CVE-2019-10095 | bash command injection in spark interpreter — Apache Zeppelin | 9.8 | - | 2021-09-02 |
| CVE-2020-13929 | Notebook permissions bypass — Apache Zeppelin | 9.8 | - | 2021-09-02 |
| CVE-2021-27578 | Cross Site Scripting in markdown interpreter — Apache Zeppelin | 6.1 | - | 2021-09-02 |
| CVE-2021-33191 | MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol — Apache NiFi - MiNiFi C++ CWE-78 | 9.8 | - | 2021-08-24 |
| CVE-2021-35940 | Regression of CVE-2017-12613 — Apache Portable Runtime (APR) | 8.1 | - | 2021-08-23 |
| CVE-2021-37608 | Arbitrary file upload vulnerability in OFBiz — Apache OFBiz CWE-434 | 9.8 | - | 2021-08-18 |
| CVE-2021-33580 | regex injection leading to DoS — Apache Roller CWE-400 | 7.5 | - | 2021-08-18 |
| CVE-2021-35936 | No Authentication on Logging Server — Apache Airflow CWE-200 | 5.3 | - | 2021-08-16 |
| CVE-2021-33193 | Request splitting via HTTP/2 method injection and mod_proxy — Apache HTTP Server | 7.5 | - | 2021-08-16 |
| CVE-2021-21501 | ServiceComb ServiceCenter Directory Traversal — Apache ServiceComb CWE-22 | 9.1 | - | 2021-08-10 |
| CVE-2021-37578 | Remote code execution via RMI — Apache jUDDI CWE-502 | 9.8 | - | 2021-07-29 |
| CVE-2021-33900 | StartTLS and SASL confidentiality protection bypass — Apache Directory Studio CWE-311 | 7.5 | - | 2021-07-26 |
| CVE-2021-28131 | Impala logs contain secrets — Apache Impala CWE-288 | 8.8 | - | 2021-07-22 |
| CVE-2021-36374 | Apache Ant ZIP, and ZIP based, archive denial of service vulnerability — Apache Ant CWE-130 | 5.5 | - | 2021-07-14 |
| CVE-2021-36373 | Apache Ant TAR archive denial of service vulnerability — Apache Ant CWE-130 | 5.5 | - | 2021-07-14 |
| CVE-2021-36090 | Apache Commons Compress 1.0 to 1.20 denial of service vulnerability — Apache Commons Compress CWE-130 | 7.5 | - | 2021-07-13 |
| CVE-2021-35517 | Apache Commons Compress 1.1 to 1.20 denial of service vulnerability — Apache Commons Compress CWE-130 | 7.5 | - | 2021-07-13 |
| CVE-2021-35516 | Apache Commons Compress 1.6 to 1.20 denial of service vulnerability — Apache Commons Compress CWE-130 | 7.5 | - | 2021-07-13 |
| CVE-2021-35515 | Apache Commons Compress 1.6 to 1.20 denial of service vulnerability — Apache Commons Compress CWE-834 | 7.5 | - | 2021-07-13 |
| CVE-2021-33037 | Incorrect Transfer-Encoding handling with HTTP/1.0 — Apache Tomcat CWE-444 | 5.3 | - | 2021-07-12 |
| CVE-2021-30640 | Auth weakness in JNDIRealm — Apache Tomcat | 6.5 | - | 2021-07-12 |
| CVE-2021-30639 | DoS after non-blocking IO error — Apache Tomcat | 6.5 | - | 2021-07-12 |
| CVE-2021-30129 | DoS/OOM leak vulnerability in Apache Mina SSHD Server — Apache Mina SSHD | 9.1 | - | 2021-07-12 |
| CVE-2021-33192 | Display information UI XSS — Apache Jena Fuseki CWE-79 | 6.1 | - | 2021-07-05 |
| CVE-2021-26920 | Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended — Apache Druid | 6.5 | - | 2021-07-02 |
| CVE-2021-35474 | Dynamic stack buffer overflow in cachekey plugin — Apache Traffic Server CWE-121 | 9.8 | - | 2021-06-30 |
| CVE-2021-32567 | Reading HTTP/2 frames too many times — Apache Traffic Server CWE-20 | 7.5 | - | 2021-06-30 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.