Apache Software Foundation — Vulnerabilities & Security Advisories (1685)

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-31979 | Apache StreamPipes: Possibility of SSRF in pipeline element installation process | Apache StreamPipes | CWE-918 | 8.1 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-30471 | Apache StreamPipes: Potential creation of multiple identical accounts | Apache StreamPipes | CWE-367 | 7.4 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-29737 | Apache StreamPark (incubating): maven build params could trigger remote command execution | Apache StreamPark (incubating) | CWE-77 | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2023-52291 | Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution | Apache StreamPark (incubating) | CWE-77 | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-39877 | Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler | Apache Airflow | CWE-94 | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-39863 | Apache Airflow: Potential XSS Vulnerability | Apache Airflow | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-07-17 |
| CVE-2024-39887 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | Apache Superset | CWE-89 | 4.3 | Medium | 2024-07-16 |
| CVE-2023-52290 | Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability | Apache StreamPark (incubating) | CWE-89 | 6.5 (AI) | Medium (AI) | 2024-07-16 |
| CVE-2023-49566 | Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability | Apache Linkis DataSource | CWE-502 | 8.1 | - | 2024-07-15 |
| CVE-2023-46801 | Apache Linkis DataSource: DataSource Remote code execution vulnerability | Apache Linkis DataSource | CWE-502 | 8.1 | - | 2024-07-15 |
| CVE-2023-41916 | Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading | Apache Linkis DataSource | CWE-552 | 6.5 | - | 2024-07-15 |
| CVE-2024-36522 | Apache Wicket: Remote code execution via XSLT injection | Apache Wicket | CWE-74 | 9.8 (AI) | Critical (AI) | 2024-07-12 |
| CVE-2024-37389 | Apache NiFi: Improper Neutralization of Input in Parameter Context Description | Apache NiFi | CWE-79 | 4.6 | Medium | 2024-07-08 |
| CVE-2024-38346 | Apache CloudStack: Unauthenticated cluster service port leads to remote execution | Apache CloudStack | CWE-94 | 10.0 | - | 2024-07-05 |
| CVE-2024-39864 | Apache CloudStack: Integration API service uses dynamic port when disabled | Apache CloudStack | CWE-665 | 9.1 | - | 2024-07-05 |
| CVE-2024-39884 | Apache HTTP Server: source code disclosure with handlers configured via AddType | Apache HTTP Server | | 7.5 | - | 2024-07-04 |
| CVE-2024-34750 | Apache Tomcat: HTTP/2 excess header handling DoS | Apache Tomcat | CWE-755 | 5.3 (AI) | Medium (AI) | 2024-07-03 |
| CVE-2024-39573 | Apache HTTP Server: mod_rewrite proxy handler substitution | Apache HTTP Server | CWE-20 | 9.3 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38477 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request | Apache HTTP Server | CWE-476 | 7.5 | - | 2024-07-01 |
| CVE-2024-38476 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect | Apache HTTP Server | CWE-829 | 9.1 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38475 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38474 | Apache HTTP Server weakness with encoded question marks in backreferences | Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38473 | Apache HTTP Server proxy encoding problem | Apache HTTP Server | CWE-116 | 9.8 (AI) | Critical (AI) | 2024-07-01 |
| CVE-2024-38472 | Apache HTTP Server on Windows UNC SSRF | Apache HTTP Server | CWE-918 | 7.5 (AI) | High (AI) | 2024-07-01 |
| CVE-2024-36387 | Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 | Apache HTTP Server | CWE-476 | 7.5 (AI) | High (AI) | 2024-07-01 |
| CVE-2024-29868 | Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation | Apache StreamPipes | CWE-338 | 8.1 (AI) | High (AI) | 2024-06-24 |
| CVE-2024-27136 | Apache JSPWiki: Cross-site scripting vulnerability on upload page | Apache JSPWiki | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-06-24 |
| CVE-2024-38379 | Apache Allura: Stored authenticated XSS | Apache Allura | CWE-79 | 4.8 | - | 2024-06-22 |
| CVE-2024-34693 | Apache Superset: Server arbitrary file read | Apache Superset | CWE-20 | 6.8 | Medium | 2024-06-20 |
| CVE-2024-25142 | Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache | Apache Airflow | CWE-525 | 7.5 (AI) | High (AI) | 2024-06-14 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.