Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort — Apache Traffic Server CWE-20 | 7.5 | - | 2023-10-17 |
| CVE-2023-41752 | Apache Traffic Server: s3_auth plugin problem with hash calculation — Apache Traffic Server CWE-200 | 7.5 | - | 2023-10-17 |
| CVE-2023-43666 | Apache InLong: General user Unauthorized access User Management — Apache InLong CWE-345 | 6.5 | - | 2023-10-16 |
| CVE-2023-43667 | Apache InLong: Log Injection in Global functions — Apache InLong CWE-74 | 5.3 | - | 2023-10-16 |
| CVE-2023-43668 | Apache InLong: Jdbc Connection Security Bypass in InLong — Apache InLong CWE-639 | 9.8 | - | 2023-10-16 |
| CVE-2023-45757 | Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability — Apache bRPC CWE-79 | 6.1 | - | 2023-10-16 |
| CVE-2023-42663 | Apache Airflow: Bypass permission verification to view task instances of other dags — Apache Airflow CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-42792 | Apache Airflow: Improper access control to DAG resources — Apache Airflow CWE-668 | 4.3 | - | 2023-10-14 |
| CVE-2023-45348 | Apache Airflow: Configuration information leakage vulnerability — Apache Airflow CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-42780 | Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature — Apache Airflow CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-44981 | Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication — Apache ZooKeeper CWE-639 | 9.1 | - | 2023-10-11 |
| CVE-2023-45648 | Apache Tomcat: Trailer header parsing too lenient — Apache Tomcat CWE-20 | 7.5 | - | 2023-10-10 |
| CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests — Apache Tomcat CWE-459 | 5.3 | - | 2023-10-10 |
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows — Apache Tomcat CWE-459 | 7.5 | - | 2023-10-10 |
| CVE-2023-39410 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK — Apache Avro Java SDK CWE-502 | 7.5 | - | 2023-09-29 |
| CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences — Apache Flink Stateful Functions CWE-113 | 5.4 | - | 2023-09-19 |
| CVE-2023-41267 | Apache HDFS Provider error message suggested installation of incorrect pip package — Apache Airflow HDFS Provider CWE-829 | 8.8 | - | 2023-09-14 |
| CVE-2023-42503 | Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file — Apache Commons Compress CWE-20 | 7.5 | - | 2023-09-14 |
| CVE-2023-41081 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request — Apache Tomcat Connectors | 6.5 | - | 2023-09-13 |
| CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" — Apache Airflow CWE-200 | 4.3 | - | 2023-09-12 |
| CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability — Apache Airflow CWE-863 | 7.1 | - | 2023-09-12 |
| CVE-2023-32672 | Apache Superset: SQL parser edge case bypasses data access authorization — Apache Superset CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-37941 | Apache Superset: Metadata db write access can lead to remote code execution — Apache Superset CWE-502 | 6.6 | Medium | 2023-09-06 |
| CVE-2023-39265 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections — Apache Superset CWE-20 | 3.8 | Low | 2023-09-06 |
| CVE-2023-39264 | Apache Superset: Stack traces enabled by default — Apache Superset CWE-209 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries — Apache Superset CWE-863 | 5.0 | Medium | 2023-09-06 |
| CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF — Apache Superset CWE-918 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts — Apache Superset CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users — Apache Superset CWE-863 | 5.4 | Medium | 2023-09-06 |
| CVE-2023-40743 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService — Apache Axis CWE-20 | 9.8 | - | 2023-09-05 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.