
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-28125 | Apache Superset Open Redirect — Apache Superset (CWE-601) | 6.1 | - | 2021-04-27 |
| CVE-2020-17517 | Ozone S3 Gateway allows bucket and key access to non authenticated users — Apache Ozone (CWE-285) | 7.5 | - | 2021-04-27 |
| CVE-2021-26291 | block repositories using http by default — Apache Maven | 9.1 | - | 2021-04-23 |
| CVE-2021-30245 | Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks — Apache OpenOffice | 8.8 | - | 2021-04-15 |
| CVE-2021-27850 | Bypass of the fix for CVE-2019-0195 — Apache Tapestry (CWE-200) | 9.8 | - | 2021-04-15 |
| CVE-2021-29425 | Possible limited path traversal vulnerability in Apache Commons IO — Apache Commons IO (CWE-20) | 9.1 | - | 2021-04-13 |
| CVE-2021-29943 | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections — Apache Solr (CWE-863) | 9.1 | - | 2021-04-13 |
| CVE-2021-29262 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings — Apache Solr (CWE-522) | 7.5 | - | 2021-04-13 |
| CVE-2021-27905 | SSRF vulnerability with the Replication handler — Apache Solr (CWE-918) | 9.1 | - | 2021-04-13 |
| CVE-2021-22696 | OAuth 2 authorization service vulnerable to DDoS attacks — Apache CXF (CWE-918) | 9.1 | - | 2021-04-02 |
| CVE-2021-28657 | Infinite loop in Apache Tika's MP3 parser — Apache Tika (CWE-835) | 5.5 | - | 2021-03-31 |
| CVE-2021-26919 | Apache Druid Authenticated users can execute arbitrary code from malicious MySQL database systems. — Apache Druid | 8.8 | - | 2021-03-30 |
| CVE-2020-1946 | Apache SpamAssassin has an OS Command Injection vulnerability — Apache SpamAssassin (CWE-78) | 7.2 | - | 2021-03-25 |
| CVE-2021-26295 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI — Apache OFBiz | 9.8 | - | 2021-03-22 |
| CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file — Apache PDFBox (CWE-789) | 5.5 | - | 2021-03-19 |
| CVE-2021-27807 | A carefully crafted PDF file can trigger an infinite loop while loading the file — Apache PDFBox (CWE-834) | 5.5 | - | 2021-03-19 |
| CVE-2020-17525 | Remote unauthenticated denial-of-service in Subversion mod_authz_svn — Apache Subversion (CWE-476) | 7.5 | - | 2021-03-17 |
| CVE-2020-13924 | Apache Ambari path traversal vulnerability — Apache Ambari | 7.5 | - | 2021-03-17 |
| CVE-2020-1926 | Timing attack in Cookie signature verification — Apache Hive (CWE-208) | 5.9 | - | 2021-03-16 |
| CVE-2021-27576 | Apache OpenMeetings: bandwidth can be overloaded with public web service — Apache OpenMeetings | 7.5 | - | 2021-03-15 |
| CVE-2020-13936 | Velocity Sandbox Bypass — Apache Velocity Engine | 8.8 | - | 2021-03-10 |
| CVE-2020-13959 | Velocity Tools XSS Vulnerability — Apache Velocity Tools (CWE-79) | 6.1 | - | 2021-03-10 |
| CVE-2020-35451 | Oozie local privilege escalation — Apache Oozie (CWE-377) | 4.7 | - | 2021-03-09 |
| CVE-2021-27907 | Apache Superset stored XSS on Dashboard markdown — Apache Superset (CWE-79) | 5.4 | - | 2021-03-05 |
| CVE-2020-1936 | Stored XSS in Apache Ambari — Apache Ambari (CWE-79) | 6.1 | - | 2021-03-02 |
| CVE-2020-9479 | unzip directory traversal — Apache AsterixDB | 5.5 | - | 2021-03-01 |
| CVE-2021-25122 | Apache Tomcat h2c request mix-up — Apache Tomcat (CWE-200) | 7.5 | - | 2021-03-01 |
| CVE-2021-25329 | Incomplete fix for CVE-2020-9484 — Apache Tomcat | 7.4 | - | 2021-03-01 |
| CVE-2021-26544 | Apache Livy (Incubating) is vulnerable to cross site scripting — Apache Livy (Incubating) (CWE-79) | 5.4 | - | 2021-02-20 |
| CVE-2021-26296 | Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces — Apache MyFaces Core (CWE-352) | 7.5 | - | 2021-02-19 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.