Apache CloudStack
Apache CloudStack: Request origin validation bypass makes account takeover possible

8.8
First published (updated )

Apache CloudStack
Apache CloudStack: Incomplete session invalidation on web interface logout

7.1
First published (updated )

maven/org.apache.activemq:artemis-cli
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

8.8
First published (updated )

maven/org.apache.lucene:lucene-replicator
Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

First published (updated )

maven/org.apache.maven.plugins:maven-archetype-plugin
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

maven/org.apache.seatunnel:seatunnel
Apache SeaTunnel Web: Arbitrary file read vulnerability

7.5
First published (updated )

Apache Hertzbeat
GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import

8.8
First published (updated )

maven/org.apache.dolphinscheduler:dolphinscheduler
Apache DolphinScheduler: Resource File Read And Write Vulnerability

8.1
First published (updated )

Apache CloudStack
Apache CloudStack: User Key Exposure to Domain Admins

7.2
First published (updated )

Apache IoTDB Workbench
Apache IoTDB Workbench: SSRF Vulnerability (EOL)

7.3
First published (updated )

Apache Traffic Server
Apache Traffic Server: Incomplete field name check allows request smuggling

7.5
First published (updated )

Apache Traffic Server
Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

8.2
First published (updated )

maven/org.apache.pinot:pinot-controller
Apache Pinot: Unauthorized endpoint exposed sensitive information

7.5
First published (updated )

maven/org.apache.rocketmq:rocketmq-all
Apache RocketMQ: Unauthorized Exposure of Sensitive Data

8.8
First published (updated )

Apache CloudStack
Apache CloudStack: SAML Signature Exclusion

8.1
First published (updated )

maven/org.apache.cxf:cxf-rt-transports-http
Apache CXF: Unrestricted memory consumption in CXF HTTP clients

7.5
First published (updated )

maven/org.apache.cxf:cxf-rt-rs-security-jose
Apache CXF Denial of Service vulnerability in JOSE

7.5
First published (updated )

Apache StreamPark
Apache StreamPark: FreeMarker SSTI RCE Vulnerability

8.8
First published (updated )

Apache StreamPark
Apache StreamPark (incubating): maven build params could trigger remote command execution

8.8
First published (updated )

Apache StreamPark
Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

8.8
First published (updated )

maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes: Possibility of SSRF in pipeline element installation process

7.5
First published (updated )

maven/org.apache.streampipes:streampipes-parent
Apache StreamPipes: Potential remote code execution (RCE) via file upload

8.8
First published (updated )

pip/apache-airflow
Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

8.8
First published (updated )

pip/apache-airflow
Apache Airflow: Potential XSS Vulnerability

8.1
First published (updated )

maven/org.apache.linkis:linkis-datasource
Apache Linkis DataSource: DataSource Remote code execution vulnerability

8.8
First published (updated )

maven/org.apache.linkis:linkis-datasource
Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

8.8
First published (updated )

F5 BIG-IP
Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request

7.5
First published (updated )

Fedoraproject Fedora
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

7.5
First published (updated )

maven/org.apache.commons:commons-compress
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

8.1
EPSS
0.06%
First published (updated )

maven/org.apache.solr:solr-core
Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

7.5
EPSS
0.11%
First published (updated )

maven/org.apache.solr:solr-core
Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

7.5
EPSS
0.11%
First published (updated )

maven/org.apache.solr:solr-solrj
Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions

7.5
EPSS
0.05%
First published (updated )

maven/org.apache.solr:solr-core
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

8.8
EPSS
0.13%
First published (updated )

CVE-2024-23452
Apache bRPC: HTTP request smuggling vulnerability

7.5
EPSS
0.17%
First published (updated )

Apache Pulsar
Apache Pulsar: Timing attack in SASL token signature verification

7.4
First published (updated )

maven/org.apache.sling:org.apache.sling.servlets.resolver
Apache Sling Servlets Resolver: Malicious code execution via path traversal

8.5
EPSS
0.06%
First published (updated )

go/github.com/apache/servicecomb-service-center
Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API

7.6
EPSS
0.09%
First published (updated )

go/github.com/apache/servicecomb-service-center
Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server

7.5
EPSS
0.06%
First published (updated )

maven/org.apache.kylin:kylin-core-common
Apache Kylin: Insufficiently protected credentials in config file

7.5
First published (updated )

Apache Airflow
Apache Airflow: Potential pickle deserialization vulnerability in XComs

7.5
First published (updated )

Apache Tomcat
Apache Tomcat: Leaking of unrelated request bodies in default error page

7.5
EPSS
0.69%
First published (updated )

maven/axis:axis
Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

7.2
First published (updated )

maven/org.apache.inlong:manager-pojo
Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager

7.5
First published (updated )

maven/org.apache.dolphinscheduler:dolphinscheduler-master
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users

8.8
First published (updated )

Apache OpenOffice
Apache OpenOffice: Macro URL arbitrary script execution

8.8
First published (updated )

Apache OFBiz
Apache OFBiz: Arbitrary file properties reading and SSRF attack

7.5
First published (updated )

Apache Hertzbeat
Unauthorized access vulnerability on three interfaces

7.5
First published (updated )

Apache Hertzbeat
Expression Injection Vulnerability in Hertzbeat

8.8
First published (updated )

Apache Hertzbeat
Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat

7.5
First published (updated )

maven/org.apache.pulsar:pulsar-websocket
Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS

7.5
First published (updated )

© 2024 SecAlerts Pty Ltd.