Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-33036	Apache Hadoop Privilege escalation vulnerability — Apache HadoopCWE-264	8.8	-	2022-06-15
CVE-2022-25167	Apache Flume vulnerable to a JNDI RCE in JMSSource — Apache FlumeCWE-20	9.8	-	2022-06-14
CVE-2021-37404	Heap buffer overflow in libhdfs native library — Apache HadoopCWE-787	9.8	-	2022-06-13
CVE-2022-31813	mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism — Apache HTTP ServerCWE-348	9.8	-	2022-06-08
CVE-2022-30556	Information Disclosure in mod_lua with websockets — Apache HTTP ServerCWE-200	-	-	2022-06-08
CVE-2022-30522	mod_sed denial of service — Apache HTTP ServerCWE-789	7.5	-	2022-06-08
CVE-2022-29404	Denial of service in mod_lua r:parsebody — Apache HTTP ServerCWE-770	7.5	-	2022-06-08
CVE-2022-28615	Read beyond bounds in ap_strcmp_match() — Apache HTTP ServerCWE-190	9.1	-	2022-06-08
CVE-2022-28614	read beyond bounds via ap_rwrite() — Apache HTTP ServerCWE-190	5.3	-	2022-06-08
CVE-2022-28330	read beyond bounds in mod_isapi — Apache HTTP ServerCWE-125	5.3	-	2022-06-08
CVE-2022-26377	mod_proxy_ajp: Possible request smuggling — Apache HTTP ServerCWE-444	3.7	-	2022-06-08
CVE-2022-24969	bypass of CVE-2021-25640 — Apache DubboCWE-918	6.1	-	2022-06-06
CVE-2022-30973	Missing fix for CVE-2022-30126 in 1.28.2 — Apache Tika	5.5	-	2022-05-31
CVE-2022-29405	Apache Archiva Arbitrary user password reset vulnerability — Apache Archiva	8.1	-	2022-05-25
CVE-2022-29599	Commandline class shell injection vulnerabilities — Apache MavenCWE-116	9.8	-	2022-05-23
CVE-2022-26650	Apache ShenYu (incubating) Regular expression denial of service — Apache ShenYu (incubating)CWE-1333	7.5	-	2022-05-17
CVE-2022-30126	Apache Tika Regular Expression Denial of Service in Standards Extractor — Apache Tika	5.5	-	2022-05-16
CVE-2022-25169	Apache Tika BPGParser Memory Usage DoS — Apache Tika	5.5	-	2022-05-16
CVE-2022-25762	Response mix-up with WebSocket concurrent send and close — Apache TomcatCWE-404	9.4	-	2022-05-13
CVE-2022-29885	EncryptInterceptor does not provide complete protection on insecure networks — Apache TomcatCWE-400	7.5	-	2022-05-12
CVE-2022-28890	Processing external DTDs — Apache Jena	9.1	-	2022-05-05
CVE-2022-29265	Improper Restriction of XML External Entity References in Multiple Components — Apache NiFiCWE-611	7.5	-	2022-04-30
CVE-2022-23942	Apache Doris hardcoded cryptography initialization — Apache Doris(Incubating)CWE-798	7.5	-	2022-04-26
CVE-2022-24706	Remote Code Execution Vulnerability in Packaging — Apache CouchDBCWE-1188	9.8	-	2022-04-26
CVE-2022-29266	apisix/jwt-auth may leak secrets in error response — Apache APISIXCWE-209	7.5	-	2022-04-20
CVE-2022-27479	SQL injection vulnerability in chart data API — Apache SupersetCWE-89	9.8	-	2022-04-13
CVE-2022-24070	Apache Subversion mod_dav_svn is vulnerable to memory corruption — Apache SubversionCWE-416	9.8	-	2022-04-12
CVE-2021-28544	Apache Subversion SVN authz protected copyfrom paths regression — Apache SubversionCWE-200	4.3	-	2022-04-12
CVE-2021-31805	Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. — Apache StrutsCWE-917	9.8	-	2022-04-12
CVE-2022-26612	Arbitrary file write in FileUtil#unpackEntries on Windows — Apache Hadoop	9.1	-	2022-04-07

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Apache Software Foundation — Vulnerabilities & Security Advisories 1685