Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-44645 | Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability | Apache Linkis (incubating) | CWE-502 | 8.8 | - | 2023-01-31 |
| CVE-2023-24829 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench | Apache IoTDB Workbench | CWE-863 | 8.8 | - | 2023-01-31 |
| CVE-2023-24830 | Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization | Apache IoTDB Workbench | CWE-287 | 9.8 | - | 2023-01-30 |
| CVE-2023-22884 | Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow | Apache Airflow | CWE-77 | 9.8 | - | 2023-01-21 |
| CVE-2022-37436 | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | Apache HTTP Server | CWE-113 | 7.5 | - | 2023-01-17 |
| CVE-2022-36760 | Apache HTTP Server: mod_proxy_ajp Possible request smuggling | Apache HTTP Server | CWE-444 | 3.7 | - | 2023-01-17 |
| CVE-2006-20001 | Apache HTTP Server: mod_dav out of bounds read, or write of zero byte | Apache HTTP Server | CWE-787 | 7.5 | - | 2023-01-17 |
| CVE-2022-41703 | Apache Superset: SQL injection vulnerability in adhoc clauses | Apache Superset |  | 5.4 | - | 2023-01-16 |
| CVE-2022-45438 | Apache Superset: Dashboard metadata information leak | Apache Superset | CWE-668 | 5.3 | - | 2023-01-16 |
| CVE-2022-43721 | Apache Superset: Open Redirect Vulnerability | Apache Superset | CWE-601 | 5.4 | - | 2023-01-16 |
| CVE-2022-43720 | Apache Superset: Improper rendering of user input | Apache Superset | CWE-74 | 4.6 | - | 2023-01-16 |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | Apache Superset | CWE-352 | 8.8 | - | 2023-01-16 |
| CVE-2022-43718 | Apache Superset: Cross-Site Scripting vulnerability on upload forms | Apache Superset | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2022-43717 | Apache Superset: Cross-Site Scripting on dashboards | Apache Superset | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2023-22602 | Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request | Apache Shiro | CWE-436 | 7.5 | - | 2023-01-14 |
| CVE-2022-46769 | Apache Sling App CMS: XSS in CMS Site Group Detail | Apache Sling App CMS | CWE-79 | 5.4 | - | 2023-01-09 |
| CVE-2022-45935 | Apache James server: Temporary File Information Disclosure | Apache James server | CWE-668 | 5.5 | - | 2023-01-06 |
| CVE-2022-45787 | Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider | Apache James MIME4J | CWE-312 | 5.5 | - | 2023-01-06 |
| CVE-2022-45875 | Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin | Apache DolphinScheduler | CWE-20 | 9.8 | - | 2023-01-04 |
| CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping | Apache Tomcat | CWE-116 | 7.5 | - | 2023-01-03 |
| CVE-2022-44621 | Apache Kylin: Command injection by Diagnosis Controller | Apache Kylin |  | 9.8 | - | 2022-12-30 |
| CVE-2022-43396 | Apache Kylin: Command injection by Useless configuration | Apache Kylin |  | 8.8 | - | 2022-12-30 |
| CVE-2022-45347 | Apache ShardingSphere-Proxy: MySQL authentication bypass | Apache ShardingSphere-Proxy | CWE-459 | 9.8 | - | 2022-12-22 |
| CVE-2022-40145 | Apache Karaf: JDBC JAAS LDAP injection | Apache Karaf | CWE-74 | 9.8 | - | 2022-12-21 |
| CVE-2022-46421 | Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params | Apache Airflow Hive Provider | CWE-77 | 9.8 | - | 2022-12-20 |
| CVE-2022-40743 | Apache Traffic Server: Security issues with the xdebug plugin | Apache Traffic Server | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-37392 | Apache Traffic Server: Improperly reading the client requests | Apache Traffic Server | CWE-754 | 8.2 | - | 2022-12-19 |
| CVE-2022-32749 | Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins | Apache Traffic Server | CWE-754 | 7.5 | - | 2022-12-19 |
| CVE-2022-47500 | Apache Helix: Open redirect | Apache Helix | CWE-601 | 6.1 | - | 2022-12-19 |
| CVE-2022-46870 | Apache Zeppelin: Stored XSS in note permissions | Apache Zeppelin | CWE-79 | 5.4 | - | 2022-12-16 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.