
Apache Software Foundation — Vulnerabilities & Security Advisories (1685)

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2021-41766 | Insecure Java Deserialization in Apache Karaf | Apache Karaf | - | 8.1 | - | 2022-01-26
CVE-2022-23945 | Apache ShenYu missing authentication allows gateway registration | Apache ShenYu (incubating) | CWE-862 | 9.1 | - | 2022-01-25
CVE-2022-23944 | Apache ShenYu 2.4.1 Improper access control | Apache ShenYu (incubating) | CWE-862 | 9.1 | - | 2022-01-25
CVE-2022-23223 | Apache ShenYu Password leakage | Apache ShenYu (incubating) | CWE-522 | 7.5 | - | 2022-01-25
CVE-2021-45029 | Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection | Apache ShenYu (incubating) | CWE-94 | 9.8 | - | 2022-01-25
CVE-2022-23437 | Infinite loop within Apache XercesJ xml parser | Apache Xerces | - | 7.5 | - | 2022-01-24
CVE-2022-22733 | Access-Token in ElasticJob UI causes password disclosure | Apache ShardingSphere ElasticJob-UI | CWE-200 | 8.1 | - | 2022-01-20
CVE-2021-45230 | Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver | Apache Airflow | - | 6.5 | - | 2022-01-20
CVE-2022-23307 | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. | Apache Log4j 1.x | CWE-502 | 9.8 | - | 2022-01-18
CVE-2022-23305 | SQL injection in JDBC Appender in Apache Log4j V1 | Apache Log4j 1.x | CWE-89 | 9.8 | - | 2022-01-18
CVE-2022-23302 | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x | Apache Log4j 1.x | CWE-502 | 8.8 | - | 2022-01-18
CVE-2021-42357 | DOM based XSS Vulnerability in Apache Knox | Apache Knox | CWE-79 | 6.1 | - | 2022-01-17
CVE-2021-43999 | Improper validation of SAML responses | Apache Guacamole | CWE-287 | 8.8 | - | 2022-01-11
CVE-2021-41767 | Private tunnel identifier may be included in the non-private details of active connections | Apache Guacamole | CWE-200 | 6.5 | - | 2022-01-11
CVE-2021-43297 | Dubbo Hessian cause RCE when parse error | Apache Dubbo | CWE-502 | 9.8 | - | 2022-01-10
CVE-2021-43045 | Possible DOS vulnerabilities in C# Avro SDK | Apache Avro | CWE-770 | 7.5 | - | 2022-01-06
CVE-2021-45458 | Hardcoded credentials | Apache Kylin | CWE-798 | 7.5 | - | 2022-01-06
CVE-2021-45457 | Overly broad CORS configuration | Apache Kylin | - | 7.5 | - | 2022-01-06
CVE-2021-45456 | Command injection | Apache Kylin | - | 9.8 | - | 2022-01-06
CVE-2021-36774 | Mysql JDBC Connector Deserialize RCE | Apache Kylin | - | 6.5 | - | 2022-01-06
CVE-2021-31522 | Apache Kylin unsafe class loading | Apache Kylin | - | 9.8 | - | 2022-01-06
CVE-2021-27738 | Improper Access Control to Streaming Coordinator & SSRF | Apache Kylin | CWE-918 | 7.5 | - | 2022-01-06
CVE-2021-36739 | XSS vulnerability in the MVCBean JSP portlet maven archetype | Apache Portals | CWE-79 | 6.1 | - | 2022-01-06
CVE-2021-36738 | XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet | Apache Portals | CWE-79 | 6.1 | - | 2022-01-06
CVE-2021-36737 | XSS in V3 Demo Portlet | Apache Portals | CWE-79 | 6.1 | - | 2022-01-06
CVE-2021-40525 | Sieve file storage vulnerable to path traversal attacks | Apache James | CWE-22 | 9.1 | - | 2022-01-04
CVE-2021-40111 | Apache James IMAP parsing Denial Of Service | Apache James | - | 6.5 | - | 2022-01-04
CVE-2021-40110 | Apache James IMAP vulnerable to a ReDoS | Apache James | - | 7.5 | - | 2022-01-04
CVE-2021-38542 | Apache James vulnerable to STARTTLS command injection (IMAP and POP3) | Apache James | CWE-77 | 5.9 | - | 2022-01-04
CVE-2021-34797 | Apache Geode project log file redaction of sensitive information vulnerability | Apache Geode | CWE-532 | 7.5 | - | 2022-01-04

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.