Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-46365 | Apache StreamPark (incubating): Logic error causing any account reset | Apache StreamPark (incubating) | CWE-20 | 8.1 | - | 2023-05-01 |
| CVE-2022-45801 | Apache StreamPark (incubating): LDAP Injection Vulnerability | Apache StreamPark (incubating) | CWE-74 | 9.1 | - | 2023-05-01 |
| CVE-2022-45802 | Apache StreamPark (incubating): Upload any file to any directory | Apache StreamPark (incubating) | CWE-434 | 8.1 | - | 2023-05-01 |
| CVE-2023-22665 | Apache Jena: Exposure of arbitrary execution in script engine expressions. | Apache Jena | CWE-917 | 6.1 | - | 2023-04-25 |
| CVE-2023-30776 | Apache Superset: Database connection password leak | Apache Superset | CWE-522 | 4.9 | Medium | 2023-04-24 |
| CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | Apache Superset | CWE-1188 | 8.9 | High | 2023-04-24 |
| CVE-2023-25601 | Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication | Apache DolphinScheduler | CWE-287 | 9.1 | - | 2023-04-20 |
| CVE-2023-25504 | Apache Superset: Possible SSRF on import datasets | Apache Superset | CWE-918 | 4.9 | Medium | 2023-04-17 |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | Apache Superset | CWE-863 | 3.1 | Low | 2023-04-17 |
| CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class | Apache Spark | CWE-269 | 6.4 | Medium | 2023-04-17 |
| CVE-2023-30771 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench | Apache IoTDB Workbench | CWE-863 | 9.8 | - | 2023-04-17 |
| CVE-2023-24831 | Apache IoTDB grafana-connector Login Bypass Vulnerability | Apache IoTDB | CWE-287 | 8.8 | - | 2023-04-17 |
| CVE-2022-47501 | Apache OFBiz: Arbitrary file reading vulnerability | Apache OFBiz | CWE-22 | 7.5 | - | 2023-04-14 |
| CVE-2022-45064 | Apache Sling Engine: Include-based XSS | Apache Sling Engine | CWE-79 | 8.0 | High | 2023-04-13 |
| CVE-2023-30465 | Apache InLong: SQL injection in apache inLong 1.5.0 | Apache InLong | CWE-89 | 5.3 | - | 2023-04-11 |
| CVE-2023-29216 | Apache Linkis DatasourceManager module has a deserialization command execution | Apache Linkis | CWE-502 | 9.8 | - | 2023-04-10 |
| CVE-2023-27987 | Apache Linkis gateway module token authentication bypass | Apache Linkis | CWE-326 | 9.1 | - | 2023-04-10 |
| CVE-2023-27603 | Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue | Apache Linkis | CWE-22 | 9.8 | - | 2023-04-10 |
| CVE-2023-27602 | Apache Linkis publicsercice module unrestricted upload of file | Apache Linkis | CWE-434 | 9.8 | - | 2023-04-10 |
| CVE-2023-29215 | Apache Linkis JDBC EngineCon has a deserialization command execution | Apache Linkis | CWE-502 | 9.8 | - | 2023-04-10 |
| CVE-2023-28710 | Apache Airflow Spark Provider Arbitrary File Read via JDBC | Apache Airflow Spark Provider | CWE-20 | - | - | 2023-04-07 |
| CVE-2023-28706 | Apache Airflow Hive Provider Beeline Remote Command Execution | Apache Airflow Hive Provider | CWE-94 | 9.8 | - | 2023-04-07 |
| CVE-2023-28707 | Airflow Apache Drill Provider Arbitrary File Read Vulnerability | Apache Airflow Drill Provider | CWE-20 | - | - | 2023-04-07 |
| CVE-2023-26269 | Apache James server: Privilege escalation through unauthenticated JMX | Apache James server | CWE-862 | 7.8 | - | 2023-04-03 |
| CVE-2023-28935 | Apache UIMA DUCC: DUCC (EOL) allows RCE | Apache UIMA DUCC | CWE-77 | 8.8 | - | 2023-03-30 |
| CVE-2023-28158 | Apache Archiva privilege escalation | Apache Archiva | CWE-79 | 6.5 | Medium | 2023-03-29 |
| CVE-2023-28326 | Apache OpenMeetings: allows user impersonation | Apache OpenMeetings | CWE-306 | 9.8 | - | 2023-03-28 |
| CVE-2023-25197 | apache fineract: SQL injection vulnerability in certain procedure calls | apache fineract | CWE-89 | 9.8 | - | 2023-03-28 |
| CVE-2023-25196 | Apache Fineract: SQL injection vulnerability | Apache Fineract | CWE-89 | 8.1 | - | 2023-03-28 |
| CVE-2023-25195 | Apache Fineract: SSRF template type vulnerability in certain authenticated users | Apache Fineract | CWE-918 | 8.1 | - | 2023-03-28 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.