Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-26850 | Insufficiently protected credentials — Apache NiFi | 4.3 | - | 2022-04-06 |
| CVE-2022-23974 | Pinot segment push endpoint has a vulnerability in unprotected environments — Apache Pinot (CWE-674) | 7.5 | - | 2022-04-05 |
| CVE-2022-25598 | Apache DolphinScheduler user registration is vulnerable to ReDoS attacks — Apache DolphinScheduler (CWE-1333) | 7.5 | - | 2022-03-30 |
| CVE-2022-25757 | Apache APISIX: the body_schema check in request-validation plugin can be bypassed — Apache APISIX (CWE-20) | 9.8 | - | 2022-03-28 |
| CVE-2021-44759 | Improper authentication vulnerability in TLS origin verification — Apache Traffic Server (CWE-287) | 7.7 | - | 2022-03-23 |
| CVE-2021-44040 | HTTP request line fuzzing attacks — Apache Traffic Server (CWE-20) | 7.5 | - | 2022-03-23 |
| CVE-2022-26779 | Apache Cloudstack insecure random number generation affects project email invitation — Apache CloudStack | 8.8 | - | 2022-03-15 |
| CVE-2022-23943 | mod_sed: Read/write beyond bounds — Apache HTTP Server (CWE-787) | 9.1 | - | 2022-03-14 |
| CVE-2022-22721 | core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody — Apache HTTP Server (CWE-190) | 9.1 | - | 2022-03-14 |
| CVE-2022-22720 | HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier — Apache HTTP Server (CWE-444) | 9.8 | - | 2022-03-14 |
| CVE-2022-22719 | mod_lua Use of uninitialized value of in r:parsebody — Apache HTTP Server (CWE-665) | 7.5 | - | 2022-03-14 |
| CVE-2021-38296 | Apache Spark Key Negotiation Vulnerability — Apache Spark (CWE-294) | 7.5 | - | 2022-03-10 |
| CVE-2022-25312 | An XML external entity (XXE) injection vulnerability exists in the Apache Any23 RDFa XSLTStylesheet extractor — Apache Any23 | 9.1 | - | 2022-03-04 |
| CVE-2022-26336 | A carefully crafted TNEF file can cause an out of memory exception — poi-scratchpad (CWE-770) | 5.5 | - | 2022-03-04 |
| CVE-2022-24948 | Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen — Apache JSPWiki | 6.1 | - | 2022-02-25 |
| CVE-2022-24947 | Apache JSPWiki CSRF Account Takeover — Apache JSPWiki | 8.8 | - | 2022-02-25 |
| CVE-2022-24288 | Apache Airflow: RCE in example DAGs — Apache Airflow (CWE-78) | 8.8 | - | 2022-02-25 |
| CVE-2021-45229 | Apache Airflow: Reflected XSS via Origin Query Argument in URL — Apache Airflow (CWE-79) | 6.1 | - | 2022-02-25 |
| CVE-2022-24289 | Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions — Apache Cayenne (CWE-502) | 8.8 | - | 2022-02-11 |
| CVE-2022-24112 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header — Apache APISIX (CWE-290) | 9.8 | - | 2022-02-11 |
| CVE-2021-44521 | Remote code execution for scripted UDFs — Apache Cassandra (CWE-94) | 9.1 | - | 2022-02-11 |
| CVE-2022-22931 | Path traversal in Apache James 3.6.1 — Apache James (CWE-22) | 4.3 | - | 2022-02-07 |
| CVE-2022-23206 | Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth — Apache Traffic Control (CWE-918) | 7.5 | - | 2022-02-06 |
| CVE-2022-23913 | Apache ActiveMQ Artemis DoS — Apache ActiveMQ Artemis (CWE-770) | 7.5 | - | 2022-02-04 |
| CVE-2021-36152 | Insecure TrustManager used in LDAP connections — Apache Gobblin | 9.8 | - | 2022-02-04 |
| CVE-2021-36151 | Local Credentials Disclosure Vulnerability — Apache Gobblin | 5.5 | - | 2022-02-04 |
| CVE-2021-44451 | API sensitive information leak — Apache Superset (CWE-522) | 6.5 | - | 2022-02-01 |
| CVE-2021-41571 | Pulsar Admin API allows access to data from other tenants using getMessageById API — Apache Pulsar (CWE-863) | 6.5 | - | 2022-02-01 |
| CVE-2022-23181 | Local privilege escalation with FileStore — Apache Tomcat (CWE-367) | 7.0 | - | 2022-01-27 |
| CVE-2022-22932 | Path traversal flaws — Apache Karaf | - | - | 2022-01-26 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.