Apache Software Foundation — Vulnerabilities & Security Advisories (1685)

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-40438 | mod_proxy SSRF — Apache HTTP Server | CWE-918 | 8.1 | - | 2021-09-16 |
| CVE-2021-39275 | ap_escape_quotes buffer overflow — Apache HTTP Server | | 9.8 | - | 2021-09-16 |
| CVE-2021-39239 | XML External Entity (XXE) vulnerability — Apache Jena | | 7.5 | - | 2021-09-16 |
| CVE-2021-36160 | mod_proxy_uwsgi out of bound read — Apache HTTP Server | CWE-125 | 7.5 | - | 2021-09-16 |
| CVE-2021-34798 | NULL pointer dereference in httpd core — Apache HTTP Server | CWE-476 | 7.5 | - | 2021-09-16 |
| CVE-2021-40146 | A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java — Apache Any23 | | 9.8 | - | 2021-09-11 |
| CVE-2021-38555 | An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java — Apache Any23 | | 9.1 | - | 2021-09-11 |
| CVE-2021-38540 | Apache Airflow: Variable Import endpoint missed authentication check — Apache Airflow | CWE-269 | 9.8 | - | 2021-09-09 |
| CVE-2021-37579 | Bypass deserialization checks in Apache Dubbo — Apache Dubbo | | 9.8 | - | 2021-09-09 |
| CVE-2021-36161 | Unprotected input value toString cause RCE — Apache Dubbo | | 9.8 | - | 2021-09-09 |
| CVE-2021-36163 | Unsafe deserialization in providers using the Hessian protocol — Apache Dubbo | | 9.1 | - | 2021-09-07 |
| CVE-2021-36162 | Unprotected yaml deserialization cause RCE — Apache Dubbo | | 8.8 | - | 2021-09-07 |
| CVE-2019-10095 | bash command injection in spark interpreter — Apache Zeppelin | | 9.8 | - | 2021-09-02 |
| CVE-2020-13929 | Notebook permissions bypass — Apache Zeppelin | | 9.8 | - | 2021-09-02 |
| CVE-2021-27578 | Cross Site Scripting in markdown interpreter — Apache Zeppelin | | 6.1 | - | 2021-09-02 |
| CVE-2021-33191 | MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol — Apache NiFi - MiNiFi C++ | CWE-78 | 9.8 | - | 2021-08-24 |
| CVE-2021-35940 | Regression of CVE-2017-12613 — Apache Portable Runtime (APR) | | 8.1 | - | 2021-08-23 |
| CVE-2021-37608 | Arbitrary file upload vulnerability in OFBiz — Apache OFBiz | CWE-434 | 9.8 | - | 2021-08-18 |
| CVE-2021-33580 | regex injection leading to DoS — Apache Roller | CWE-400 | 7.5 | - | 2021-08-18 |
| CVE-2021-35936 | No Authentication on Logging Server — Apache Airflow | CWE-200 | 5.3 | - | 2021-08-16 |
| CVE-2021-33193 | Request splitting via HTTP/2 method injection and mod_proxy — Apache HTTP Server | | 7.5 | - | 2021-08-16 |
| CVE-2021-21501 | ServiceComb ServiceCenter Directory Traversal — Apache ServiceComb | CWE-22 | 9.1 | - | 2021-08-10 |
| CVE-2021-37578 | Remote code execution via RMI — Apache jUDDI | CWE-502 | 9.8 | - | 2021-07-29 |
| CVE-2021-33900 | StartTLS and SASL confidentiality protection bypass — Apache Directory Studio | CWE-311 | 7.5 | - | 2021-07-26 |
| CVE-2021-28131 | Impala logs contain secrets — Apache Impala | CWE-288 | 8.8 | - | 2021-07-22 |
| CVE-2021-36374 | Apache Ant ZIP, and ZIP based, archive denial of service vulnerability — Apache Ant | CWE-130 | 5.5 | - | 2021-07-14 |
| CVE-2021-36373 | Apache Ant TAR archive denial of service vulnerability — Apache Ant | CWE-130 | 5.5 | - | 2021-07-14 |
| CVE-2021-36090 | Apache Commons Compress 1.0 to 1.20 denial of service vulnerability — Apache Commons Compress | CWE-130 | 7.5 | - | 2021-07-13 |
| CVE-2021-35517 | Apache Commons Compress 1.1 to 1.20 denial of service vulnerability — Apache Commons Compress | CWE-130 | 7.5 | - | 2021-07-13 |
| CVE-2021-35516 | Apache Commons Compress 1.6 to 1.20 denial of service vulnerability — Apache Commons Compress | CWE-130 | 7.5 | - | 2021-07-13 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.