Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-26697 | Apache Airflow: Lineage API endpoint for Experimental API missed authentication check — Apache Airflow | CWE-269 | 5.3 | - | 2021-02-17 |
| CVE-2021-26559 | CWE-284 Improper Access Control on Configurations Endpoint for the Stable API — Apache Airflow | CWE-284 | 8.1 | - | 2021-02-17 |
| CVE-2021-25646 | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. — Apache Druid | | 8.8 | - | 2021-01-29 |
| CVE-2021-26118 | Flaw in ActiveMQ Artemis OpenWire support — Apache ActiveMQ Artemis | CWE-284 | 7.5 | - | 2021-01-27 |
| CVE-2021-26117 | ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind — Apache ActiveMQ | CWE-287 | 7.5 | - | 2021-01-27 |
| CVE-2020-17532 | Apache ServiceComb Yaml remote deserialization vulnerability — Apache ServiceComb-Java-Chassis | CWE-20 | 8.8 | - | 2021-01-25 |
| CVE-2021-23901 | An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser — Apache Nutch | CWE-611 | 9.1 | - | 2021-01-25 |
| CVE-2021-23926 | XMLBeans XML Entity Expansion — Apache XMLBeans | | 9.1 | - | 2021-01-14 |
| CVE-2021-24122 | Apache Tomcat information disclosure — Apache Tomcat | CWE-200 | 5.9 | - | 2021-01-14 |
| CVE-2020-11995 | Apache Dubbo default deserialization protocol Hessian2 cause CRE — Apache Dubbo | CWE-502 | 9.8 | - | 2021-01-11 |
| CVE-2020-13922 | Apache DolphinScheduler (incubating) Permission vulnerability — Apache DolphinScheduler | CWE-264 | 6.5 | - | 2021-01-11 |
| CVE-2020-17519 | Apache Flink directory traversal attack: reading remote files through the REST API — Apache Flink | CWE-552 | 7.5 | - | 2021-01-05 |
| CVE-2020-17518 | Apache Flink directory traversal attack: remote file writing through the REST API — Apache Flink | CWE-23 | 7.5 | - | 2021-01-05 |
| CVE-2020-17533 | Apache Accumulo Improper Handling of Insufficient Permissions — Apache Accumulo | CWE-252 | 8.1 | - | 2020-12-29 |
| CVE-2020-17526 | Apache Airflow Webserver security vulnerability — Apache Airflow | | 6.5 | - | 2020-12-21 |
| CVE-2020-17511 | Apache Airflow cryptographic issue vulnerability — Apache Airflow | | 6.5 | - | 2020-12-14 |
| CVE-2020-17513 | Apache Airflow code issue vulnerability — Apache Airflow | CWE-918 | 5.3 | - | 2020-12-14 |
| CVE-2020-17515 | Apache Airflow cross-site scripting vulnerability — Apache Airflow | | 6.1 | - | 2020-12-11 |
| CVE-2020-17530 | Apache Struts code injection vulnerability — Apache Struts | | 9.8 | - | 2020-12-11 |
| CVE-2020-17529 | Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header — Apache NuttX (incubating) | CWE-787 | 9.8 | - | 2020-12-09 |
| CVE-2020-17528 | Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length — Apache NuttX (incubating) | CWE-787 | 7.5 | - | 2020-12-09 |
| CVE-2020-17531 | Deserialization flaw in EOL Tapestry 4. — Apache Tapestry | CWE-502 | 9.8 | - | 2020-12-08 |
| CVE-2020-17521 | Apache Groovy security vulnerability — Apache Groovy | | 4.3 | - | 2020-12-07 |
| CVE-2020-13945 | Apache Apisix security vulnerability — Apache APISIX | | 6.5 | - | 2020-12-07 |
| CVE-2020-17527 | Apache Tomcat: Request header mix-up between HTTP/2 streams — Apache Tomcat | CWE-200 | 7.5 | - | 2020-12-03 |
| CVE-2020-13942 | Remote Code Execution in Apache Unomi — Apache Unomi | CWE-20 | 9.1 | - | 2020-11-24 |
| CVE-2020-13954 | Apache CXF Reflected XSS in the services listing page via the styleSheetPath — Apache CXF | CWE-79 | 6.1 | - | 2020-11-12 |
| CVE-2020-9485 | Apache Airflow cross-site scripting vulnerability — Apache Airflow | | 5.4 | - | 2020-07-16 |
| CVE-2020-11983 | Apache Airflow cross-site scripting vulnerability — Apache Airflow | | 5.4 | - | 2020-07-16 |
| CVE-2020-11982 | Apache Airflow code issue vulnerability — Apache Airflow | | 9.8 | - | 2020-07-16 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.