Filters

Software

apache http server
306
apache tomcat
211
apache struts
87
apache airflow
79
apache traffic server
68
apache openoffice
54
apache ofbiz
49
apache subversion
46
apache superset
45
apache nifi
40
apache activemq
39
apache cxf
39
apache solr
39
apache hadoop
35
apache inlong
26
apache cloudstack
25
apache openmeetings
24
apache camel
23
apache tika
23
apache jspwiki
22
apache geode
21
apache ambari
20
apache couchdb
20
apache spark
19
apache archiva
17
apache shiro
17
apache dubbo
16
apache log4j
16
apache qpid
16
apache dolphinscheduler
15
apache kylin
15
apache ranger
15
apache wicket
15
apache hive
14
apache fineract
13
apache pulsar
13
apache spamassassin
13
apache guacamole
12
apache james
12
apache karaf
12
apache linkis
12
apache roller
12
apache tapestry
12
apache atlas
11
apache batik
11
apache commons compress
11
apache geronimo
11
apache storm
11
apache syncope
11
apache activemq artemis
10
apache iotdb
10
apache ozone
10
apache tomee
10
apache xerces-c++
10
apache cassandra
9
apache cordova
9
apache cordova android
9
apache druid
9
apache mesos
9
apache poi
9
apache portable runtime
9
apache shenyu
9
apache streampark
9
apache derby
8
apache pdfbox
8
apache qpid broker-j
8
apache zeppelin
8
apache axis
7
apache bookkeeper
7
apache ignite
7
apache impala
7
apache kafka
7
apache sling
7
apache apisix
6
apache apr-util
6
apache axis2
6
apache cxf fediz
6
apache drill
6
apache httpclient
6
apache jetspeed
6
apache juddi
6
apache mod python
6
apache pluto
6
apache santuario xml security for java
6
apache thrift
6
apache traffic control
6
apache xml security for c++
6
apache zookeeper
6
apache allura
5
apache apache-airflow-providers-apache-hive
5
apache commons fileupload
5
apache hbase
5
apache hertzbeat
5
apache myfaces
5
apache openoffice.org
5
apache wss4j
5
apache ant
4
apache any23
4
apache cocoon
4
apache jackrabbit
4
apache jena
4
apache mod fcgid
4
apache netbeans
4
apache nuttx
4
apache olingo
4
apache rocketmq
4
apache sling cms
4
apache sshd
4
apache streampipes
4
apache submarine
4
apache answer
3
apache apache-airflow-providers-apache-spark
3
apache avro rust
3
apache brooklyn
3
apache commons beanutils
3
apache flink
3
apache flume
3
apache groovy
3
apache heron
3
apache ivy
3
apache jmeter
3
apache libapreq2
3
apache libcloud
3
apache mina
3
apache mod perl
3
apache oozie
3
apache pinot
3
apache pony mail
3
apache servicecomb
3
apache shardingsphere
3
apache skywalking
3
apache struts 2
3
apache tomcat jk connector
3
apache tomcat native
3
apache uimaj
3
apache unomi
3
apache virtual computing lab
3
apache xerces2 java
3
apache accumulo
2
apache airflow cncf kubernetes
2
apache apache
2
apache apache-airflow-providers-apache-drill
2
apache apache-airflow-providers-google
2
apache apache-airflow-providers-odbc
2
apache apisix dashboard
2
apache arrow
2
apache avro
2
apache beam
2
apache brpc
2
apache calcite
2
apache cayenne
2
apache commons configuration
2
apache commons email
2
apache commons imaging
2
apache commons jxpath
2
apache cordova file transfer
2
apache deltaspike
2
apache directory ldap api
2
apache directory studio
2
apache doris
2
apache gobblin
2
apache helix
2
apache isis
2
apache james server
2
apache knox
2
apache log4j2
2
apache log4net
2
apache maven
2
apache mina sshd
2
apache mod jk
2
apache mxnet
2
apache nifi minifi c++
2
apache nifi registry
2
apache nutch
2
apache openwhisk
2
apache org.apache.sling.servlets.post
2
apache portable runtime utility
2
apache qpid proton
2
apache qpid-cpp
2
apache sentry
2
apache sling api
2
apache sling servlets post
2
apache soap
2
apache struts 1
2
apache synapse
2
apache tiles
2
apache tomcat connectors
2
apache tomcat jk web server connector
2
apache uimaducc
2
apache ws-xmlrpc
2
apache xalan-java
2
apache xerces-j
2
apache xml graphics batik
2
apache xml-rpc
2
apache activemq apollo
1
apache activemq legacy openwire module
1
apache age
1
apache airavata django portal
1
apache airflow celery provider
1
apache airflow hdfs provider
1
apache airflow hive provider
1
apache airflow spark provider
1
apache airflow sqoop provider
1
apache airflow's experimental api
1
apache amqp 0-x jms client
1
apache apache axis2/c
1
apache apache calcite avatica
1
apache apache commons daemon
1
apache apache http server
1
apache apache webserver
1
apache apache-airflow-providers-amazon
1
apache apache-airflow-providers-apache-pig
1
apache apache-airflow-providers-apache-pinot
1
apache apache-airflow-providers-apache-sqoop
1
apache apache-airflow-providers-docker
1
apache apache-airflow-providers-fab
1
apache apache-airflow-providers-imap
1
apache apache-airflow-providers-jdbc
1
apache apache-airflow-providers-microsoft-mssql
1
apache apache-airflow-providers-mysql
1
apache apache-airflow-providers-smtp
1
apache asterixdb
1
apache aurora
1
apache chainsaw
1
apache commons bcel
1
apache commons collections
1
apache commons io
1
apache commons jelly
1
apache commons net
1
apache commons text
1
apache commons-httpclient
1
apache continuum
1
apache cordova in-app-browser
1
apache cordova inappbrowser
1
apache ddlutils
1
apache eventmesh
1
apache felix health check webconsole plugin
1
apache felix health checks
1
apache flex
1
apache flex blazeds
1
apache flink stateful functions
1
apache formatting objects processor
1
apache fortress
1
apache groovy ldap
1
apache hadoop yarn
1
apache hama
1
apache harmony
1
apache html/java api
1
apache http server2.0a1
1
apache http server2.0a2
1
apache http server2.0a3
1
apache http server2.0a4
1
apache http server2.0a5
1
apache http server2.0a6
1
apache http server2.0a7
1
apache http server2.0a8
1
apache http server2.0a9
1
apache httpasyncclient
1
apache hugegraph
1
apache hugegraph-server
1
apache hupa
1
apache identity backend
1
apache iotdb web workbench
1
apache iotdb workbench
1
apache jackrabbit oak
1
apache jakarta slide
1
apache java chassis
1
apache jclouds
1
apache jena fuseki
1
apache jena sdb
1
apache jms client amqp
1
apache johnzon
1
apache jserv
1
apache kafka connect
1
apache kerby
1
apache kudu
1
apache ldap studio
1
apache livy
1
apache log4cxx
1
apache lucene
1
apache manifoldcf
1
apache maven archetype
1
apache maven shared utils
1
apache maven wagon
1
apache mod auth radius
1
apache mod dav svn
1
apache mod dontdothat
1
apache mod imap
1
apache mod-gnutls
1
apache myfaces tomahawk
1
apache myfaces trinidad
1
apache ode
1
apache openjpa
1
apache opennlp
1
apache opentaps
1
apache orc
1
apache orchestration director engine
1
apache parquet-mr
1
apache plc4x
1
apache pyarrow
1

Apache NiFi
Apache NiFi: Improper Neutralization of Input in Parameter Description


Apache CloudStack
Apache CloudStack: Request origin validation bypass makes account takeover possible

8.8

Apache CloudStack
Apache CloudStack: Incomplete session invalidation on web interface logout

7.1

Apache CloudStack
Apache CloudStack Quota plugin: Access checks not enforced in Quota


maven/org.apache.activemq:artemis-cli
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

8.8

maven/org.apache.lucene:lucene-replicator
Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue


maven/org.apache.maven.plugins:maven-archetype-plugin
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

7.5

maven/org.apache.druid:druid
Apache Druid: Users can provide MySQL JDBC properties not on allow list


maven/org.apache.druid.extensions:druid-pac4j
Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack


maven/org.apache.seata:seata-core
Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server


Apache OFBiz
Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE


Apache OFBiz
Apache OFBiz: Confused controller-view authorization logic (forced browsing)


Apache Portable Runtime
Apache Portable Runtime (APR): Unexpected lax shared memory permissions


pip/apache-airflow
Apache Airflow: Stored XSS Vulnerability on provider link


maven/org.apache.seatunnel:seatunnel
Apache SeaTunnel Web: Arbitrary file read vulnerability

7.5

Apache Hertzbeat
GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import

8.8

Apache Hertzbeat
GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}


maven/org.apache.sshd:sshd-common
Apache MINA SSHD: integrity check bypass


maven/org.apache.dolphinscheduler:dolphinscheduler
Apache DolphinScheduler: Resource File Read And Write Vulnerability

8.1

go/github.com/apache/incubator-answer
Apache Answer: The link for resetting user password is not Single-Use


go/github.com/apache/incubator-answer
Apache Answer: The link to reset the user's password will remain valid after sending a new link


Apache CloudStack
Apache CloudStack: Unauthorised Network List Access


Apache CloudStack
Apache CloudStack: User Key Exposure to Domain Admins

7.2

Apache IoTDB Workbench
Apache IoTDB Workbench: SSRF Vulnerability (EOL)

7.3

Apache Apache-airflow-providers-fab
Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow


Apache OFBiz
Apache OFBiz Incorrect Authorization Vulnerability


maven/org.apache.inlong:tubemq-core
Apache InLong TubeMQ Client: Remote Code Execution vulnerability


maven/org.apache.linkis:linkis
Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability


Apache Traffic Server
Apache Traffic Server: Incomplete field name check allows request smuggling

7.5

Apache Traffic Server
Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

8.2

Apache Traffic Server
Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling


Apache Roller
Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode


maven/org.apache.drill.exec:drill-java-exec
Apache Drill: XXE Vulnerability in XML Format Reader


maven/org.apache.pinot:pinot-controller
Apache Pinot: Unauthorized endpoint exposed sensitive information

7.5

Apache StreamPark
Apache StreamPark IDOR Vulnerability


Apache Syncope
Apache Syncope: HTML tags can be injected into Console or Enduser text fields


maven/org.apache.rocketmq:rocketmq-all
Apache RocketMQ: Unauthorized Exposure of Sensitive Data

8.8

Apache CloudStack
Apache CloudStack: SAML Signature Exclusion

8.1

maven/org.apache.cxf:cxf-rt-transports-http
Apache CXF: Unrestricted memory consumption in CXF HTTP clients

7.5

maven/org.apache.cxf:cxf-rt-rs-security-jose
Apache CXF Denial of Service vulnerability in JOSE

7.5

maven/org.apache.cxf:cxf-rt-rs-service-description
Apache CXF: SSRF vulnerability via WADL stylesheet parameter


Apache StreamPark
Apache StreamPark: FreeMarker SSTI RCE Vulnerability

8.8

Apache HTTP server
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows


Apache StreamPark
Apache StreamPark (incubating): maven build params could trigger remote command execution

8.8

Apache StreamPark
Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

8.8

Apache HTTP server
Apache HTTP Server: source code disclosure with handlers configured via AddType


maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes: Possibility of SSRF in pipeline element installation process

7.5

maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes: Potential remote code execution (RCE) via file upload

8.8

maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes: Potential creation of multiple identical accounts


pip/apache-airflow
Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

8.8
© 2024 SecAlerts Pty Ltd.