
Apache Software Foundation — Vulnerabilities & Security Advisories (1676)

Browse all 1676 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-43115 | Apache DolphinScheduler: Alert Script Attack | Apache DolphinScheduler | CWE-20 | 8.8 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-26467 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) | Apache Cassandra | CWE-267 | 8.8 | - | 2025-08-25 |
| CVE-2025-54812 | Apache Log4cxx: Improper HTML escaping in HTMLLayout | Apache Log4cxx | CWE-117 | 6.1 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2025-54813 | Apache Log4cxx: Improper escaping with JSONLayout | Apache Log4cxx | CWE-117 | 5.3 (AI) | Medium (AI) | 2025-08-22 |
| CVE-2024-48988 | Apache StreamPark: SQL injection vulnerability | Apache StreamPark | CWE-564 | 9.8 | - | 2025-08-22 |
| CVE-2025-54988 | Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA | Apache Tika PDF parser module | CWE-611 | 8.4 | High | 2025-08-20 |
| CVE-2024-39954 | Apache EventMesh Runtime: SSRF | Apache EventMesh Runtime | CWE-918 | 9.1 | - | 2025-08-20 |
| CVE-2025-53192 | Apache Commons OGNL: Expression Injection leading to RCE | Apache Commons OGNL | CWE-146 | 9.8 | - | 2025-08-18 |
| CVE-2025-54466 | Apache OFBiz: RCE Vulnerability in scrum plugin | Apache OFBiz | CWE-94 | 9.8 (AI) | Critical (AI) | 2025-08-15 |
| CVE-2025-55675 | Apache Superset: Incorrect datasource authorization on REST API | Apache Superset | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55674 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | Apache Superset | CWE-89 | 6.5 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55672 | Apache Superset: Stored XSS on charts metadata | Apache Superset | CWE-80 | 5.4 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55673 | Apache Superset: Metadata exposure in embedded charts | Apache Superset | CWE-200 | 3.5 (AI) | Low (AI) | 2025-08-14 |
| CVE-2025-54472 | Apache bRPC: Redis Parser Remote Denial of Service | Apache bRPC | CWE-400 | 7.5 (AI) | High (AI) | 2025-08-14 |
| CVE-2025-55668 | Apache Tomcat: session fixation via rewrite valve | Apache Tomcat | CWE-384 | 9.8 | - | 2025-08-13 |
| CVE-2025-48989 | Apache Tomcat: h2 DoS - Made You Reset | Apache Tomcat | CWE-404 | 7.5 (AI) | High (AI) | 2025-08-13 |
| CVE-2025-53606 | Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server | Apache Seata (incubating) | CWE-502 | 9.8 | - | 2025-08-08 |
| CVE-2025-48913 | Apache CXF: Untrusted JMS configuration can lead to RCE | Apache CXF | CWE-20 | 9.8 | - | 2025-08-08 |
| CVE-2024-51775 | Apache Zeppelin: Command Injection via CSWSH | Apache Zeppelin | CWE-1385 | 5.3 | - | 2025-08-03 |
| CVE-2024-41177 | Apache Zeppelin: XSS in the Helium module | Apache Zeppelin | CWE-79 | 6.1 | - | 2025-08-03 |
| CVE-2024-52279 | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string | Apache Zeppelin | CWE-20 | 9.1 | - | 2025-08-03 |
| CVE-2025-24854 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin | Apache JSPWiki | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-31 |
| CVE-2025-24853 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing | Apache JSPWiki | CWE-79 | 4.7 (AI) | Medium (AI) | 2025-07-31 |
| CVE-2025-54656 | Apache Struts Extras: Improper Output Neutralization for Logs | Apache Struts Extras | CWE-117 | 5.3 (AI) | Medium (AI) | 2025-07-30 |
| CVE-2025-54090 | Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 | Apache HTTP Server | CWE-253 | 7.5 | - | 2025-07-23 |
| CVE-2025-50151 | Apache Jena: Configuration files uploaded by administrative users are not checked properly | Apache Jena | CWE-20 | 7.2 | - | 2025-07-21 |
| CVE-2025-49656 | Apache Jena: Administrative users can create files outside the server directory space via the admin UI | Apache Jena | CWE-22 | 4.9 | - | 2025-07-21 |
| CVE-2025-48795 | Apache CXF: Denial of Service and sensitive data exposure in logs | Apache CXF | CWE-400 | 5.5 | - | 2025-07-15 |
| CVE-2025-53689 | Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons | Apache Jackrabbit | CWE-611 | 9.8 | - | 2025-07-14 |
| CVE-2024-41169 | Apache Zeppelin: raft directory listing and file read | Apache Zeppelin | CWE-664 | 7.5 (AI) | High (AI) | 2025-07-12 |

Values marked "(AI)" carry the site's AI badge in the original listing; a "-" in the Severity column means no severity rating is shown for that entry.

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.