Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache Software Foundation — Vulnerabilities & Security Advisories 1685

Browse all 1685 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Apache Software Foundation:Apache AirflowApache HTTP ServerApache TomcatApache SupersetApache Traffic ServerApache NiFiApache OFBizApache InLongApache DolphinSchedulerApache OpenOfficeApache CloudStackApache StrutsApache SolrApache OpenMeetingsApache ZeppelinApache CamelApache CXFApache HadoopApache FineractApache GeodeApache JSPWikiApache KylinApache DubboApache PulsarApache AmbariApache HiveApache SparkApache ActiveMQApache TikaApache Ranger
CVE IDTitleCVSSSeverityPublished
CVE-2020-13959 Velocity Tools XSS Vulnerability — Apache Velocity ToolsCWE-79 6.1 -2021-03-10
CVE-2020-35451 Oozie local privilege escalation — Apache OozieCWE-377 4.7 -2021-03-09
CVE-2021-27907 Apache Superset stored XSS on Dashboard markdown — Apache SupersetCWE-79 5.4 -2021-03-05
CVE-2020-1936 Stored XSS in Apache Ambari — Apache AmbariCWE-79 6.1 -2021-03-02
CVE-2020-9479 unzip directory traversal — Apache AsterixDB 5.5 -2021-03-01
CVE-2021-25122 Apache Tomcat h2c request mix-up — Apache TomcatCWE-200 7.5 -2021-03-01
CVE-2021-25329 Incomplete fix for CVE-2020-9484 — Apache Tomcat 7.4 -2021-03-01
CVE-2021-26544 Apache Livy (Incubating) is vulnerable to cross site scripting — Apache Livy (Incubating)CWE-79 5.4 -2021-02-20
CVE-2021-26296 Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces — Apache MyFaces CoreCWE-352 7.5 -2021-02-19
CVE-2021-26697 Apache Airflow: Lineage API endpoint for Experimental API missed authentication check — Apache AirflowCWE-269 5.3 -2021-02-17
CVE-2021-26559 CWE-284 Improper Access Control on Configurations Endpoint for the Stable API — Apache AirflowCWE-284 8.1 -2021-02-17
CVE-2021-25646 Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. — Apache Druid 8.8 -2021-01-29
CVE-2021-26118 Flaw in ActiveMQ Artemis OpenWire support — Apache ActiveMQ ArtemisCWE-284 7.5 -2021-01-27
CVE-2021-26117 ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind — Apache ActiveMQCWE-287 7.5 -2021-01-27
CVE-2020-17532 Apache ServiceComb Yaml remote deserialization vulnerability — Apache ServiceComb-Java-ChassisCWE-20 8.8 -2021-01-25
CVE-2021-23901 An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser — Apache NutchCWE-611 9.1 -2021-01-25
CVE-2021-23926 XMLBeans XML Entity Expansion — Apache XMLBeans 9.1 -2021-01-14
CVE-2021-24122 Apache Tomcat information disclosure — Apache TomcatCWE-200 5.9 -2021-01-14
CVE-2020-11995 Apache Dubbo default deserialization protocol Hessian2 cause CRE — Apache DubboCWE-502 9.8 -2021-01-11
CVE-2020-13922 Apache DolphinScheduler (incubating) Permission vulnerability — Apache DolphinSchedulerCWE-264 6.5 -2021-01-11
CVE-2020-17519 Apache Flink directory traversal attack: reading remote files through the REST API — Apache FlinkCWE-552 7.5 -2021-01-05
CVE-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API — Apache FlinkCWE-23 7.5 -2021-01-05
CVE-2020-17533 Apache Accumulo Improper Handling of Insufficient Permissions — Apache AccumuloCWE-252 8.1 -2020-12-29
CVE-2020-17526 Apache Airflow Webserver 安全漏洞 — Apache Airflow 6.5 -2020-12-21
CVE-2020-17511 Apache Airflow 加密问题漏洞 — Apache Airflow 6.5 -2020-12-14
CVE-2020-17513 Apache Airflow 代码问题漏洞 — Apache AirflowCWE-918 5.3 -2020-12-14
CVE-2020-17515 Apache Airflow 跨站脚本漏洞 — Apache Airflow 6.1 -2020-12-11
CVE-2020-17530 Apache Struts 代码注入漏洞 — Apache Struts 9.8 -2020-12-11
CVE-2020-17529 Apache NuttX (incubating) Out of Bound Write from invalid fragmentation offset value specified in the IP header — Apache NuttX (incubating)CWE-787 9.8 -2020-12-09
CVE-2020-17528 Apache NuttX (incubating) Out of Bound Write from invalid TCP Urgent length — Apache NuttX (incubating)CWE-787 7.5 -2020-12-09

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.