
Apache Software Foundation — Vulnerabilities & Security Advisories (1685)

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-51785 | Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager | Apache InLong | CWE-502 | 7.5 (AI) | High (AI) | 2024-01-03 |
| CVE-2023-49299 | Apache DolphinScheduler: Arbitrary js execute as root for authenticated users | Apache DolphinScheduler | CWE-20 | 8.2 | - | 2023-12-30 |
| CVE-2023-47804 | Apache OpenOffice: Macro URL arbitrary script execution | Apache OpenOffice | CWE-20 | 7.8 | - | 2023-12-29 |
| CVE-2023-51467 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | Apache OFBiz | - | 9.8 (AI) | Critical (AI) | 2023-12-26 |
| CVE-2023-50968 | Apache OFBiz: Arbitrary file properties reading and SSRF attack | Apache OFBiz | CWE-200 | 6.5 (AI) | Medium (AI) | 2023-12-26 |
| CVE-2023-51656 | Apache IoTDB: Unsafe deserialize map in Sync Tool | Apache IoTDB | CWE-502 | 9.8 (AI) | Critical (AI) | 2023-12-21 |
| CVE-2023-48291 | Apache Airflow: Improper access control to DAG resources | Apache Airflow | CWE-668 | 4.3 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-50783 | Apache Airflow: Improper access control vulnerability on the "varimport" endpoint | Apache Airflow | CWE-284 | 6.5 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-47265 | Apache Airflow: DAG Params allow to embed unchecked Javascript | Apache Airflow | CWE-79 | 5.4 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger | Apache Airflow | CWE-352 | 8.3 (AI) | High (AI) | 2023-12-21 |
| CVE-2023-37544 | Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS | Apache Pulsar WebSocket Proxy | CWE-287 | 7.5 | High | 2023-12-20 |
| CVE-2023-43826 | Apache Guacamole: Integer overflow in handling of VNC image buffers | Apache Guacamole | CWE-190 | - | - | 2023-12-19 |
| CVE-2023-49734 | Apache Superset: Privilege Escalation Vulnerability | Apache Superset | CWE-863 | 7.7 | High | 2023-12-19 |
| CVE-2023-49736 | Apache Superset: SQL Injection on where_in JINJA macro | Apache Superset | CWE-89 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-46104 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb | Apache Superset | CWE-400 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-41314 | Apache Doris: Missing API authentication allowed DoS | Apache Doris | CWE-863 | 9.1 (AI) | Critical (AI) | 2023-12-18 |
| CVE-2023-30867 | Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability | Apache StreamPark (incubating) | CWE-89 | 6.5 | - | 2023-12-15 |
| CVE-2023-49898 | Apache StreamPark (incubating): Authenticated system users could trigger remote command execution | Apache StreamPark (incubating) | CWE-77 | 8.8 | - | 2023-12-15 |
| CVE-2023-46279 | Apache Dubbo: Bypass deny serialize list check in Apache Dubbo | Apache Dubbo | CWE-502 | 9.8 | - | 2023-12-15 |
| CVE-2023-29234 | Bypass serialize checks in Apache Dubbo | Apache Dubbo | CWE-502 | 9.8 | - | 2023-12-15 |
| CVE-2023-46750 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro | Apache Shiro | CWE-601 | 6.1 (AI) | Medium (AI) | 2023-12-14 |
| CVE-2023-45725 | Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents | Apache CouchDB | CWE-200 | 7.5 (AI) | High (AI) | 2023-12-13 |
| CVE-2023-50164 | Apache Struts: File upload component had a directory traversal vulnerability | Apache Struts | CWE-552 | 9.8 | - | 2023-12-07 |
| CVE-2023-41835 | Apache Struts: excessive disk usage | Apache Struts | CWE-459 | 8.2 | - | 2023-12-05 |
| CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Apache OFBiz | CWE-94 | 9.8 | - | 2023-12-05 |
| CVE-2023-49735 | Apache Tiles: Unvalidated input may lead to path traversal and XXE | Apache Tiles | CWE-22 | 10.0 | - | 2023-11-30 |
| CVE-2023-49733 | Apache Cocoon's StreamGenerator is vulnerable to XXE injection | Apache Cocoon | CWE-611 | 7.5 | - | 2023-11-30 |
| CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for | Apache DolphinScheduler | CWE-862 | 4.3 | - | 2023-11-30 |
| CVE-2022-45135 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction | Apache Cocoon | CWE-89 | 9.8 | - | 2023-11-30 |
| CVE-2023-42504 | Apache Superset: Lack of rate limiting allows for possible denial of service | Apache Superset | CWE-770 | 5.8 | Medium | 2023-11-28 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.