Apache Security Vulnerabilities (CVEs)

Track 573 security vulnerabilities affecting Apache products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

Severity breakdown: 204 Critical, 271 High, 95 Medium, 3 Low
CVE-2023-44487 | CVSS 7.5 | Oct 10, 2023
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server res...

CVE-2023-39410 | CVSS 7.5 | Sep 29, 2023
This vulnerability in Apache Avro Java SDK allows attackers to cause out-of-memory conditions by sending specially crafted data during deserialization...

CVE-2023-41267 | CVSS 7.8 | Sep 14, 2023
This CVE involves a documentation error in Apache Airflow HDFS Provider versions before 4.1.1, which incorrectly directed users to install an unclaime...

CVE-2023-41081 | CVSS 7.5 | Sep 13, 2023
This vulnerability in Apache Tomcat's mod_jk connector allows attackers to bypass authentication and security constraints when specific configurations...

CVE-2023-40743 | CVSS 9.8 | Sep 5, 2023
This vulnerability in Apache Axis 1.x allows attackers to pass untrusted input to ServiceFactory.getService, which can trigger dangerous lookup mechan...

CVE-2023-40195 | CVSS 8.8 | Aug 28, 2023
This vulnerability allows authorized Airflow users with Spark hook configuration permissions to execute arbitrary code on the Airflow node by connecti...

CVE-2023-37379 | CVSS 8.1 | Aug 23, 2023
This vulnerability in Apache Airflow allows authenticated users with Connection edit privileges to access connection information and abuse the test co...

CVE-2023-40273 | CVSS 8.0 | Aug 23, 2023
This session fixation vulnerability in Apache Airflow allows authenticated users to maintain access to the webserver even after their password has bee...

CVE-2022-44729 | CVSS 7.1 | Aug 22, 2023
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik version 1.16. A malicious SVG file can trigger the ...

CVE-2022-46751 | CVSS 8.2 | Aug 21, 2023
Apache Ivy versions before 2.5.2 have an XML External Entity (XXE) vulnerability that allows attackers to read arbitrary files, access internal resour...

CVE-2023-40272 | CVSS 7.5 | Aug 17, 2023
This vulnerability in Apache Airflow Spark Provider allows attackers to inject malicious parameters when establishing connections, potentially enablin...

CVE-2023-39553 | CVSS 7.5 | Aug 11, 2023
This vulnerability allows attackers to pass malicious parameters when establishing connections with DrillHook in Apache Airflow Drill Provider, enabli...

CVE-2023-33934 | CVSS 9.1 | Aug 9, 2023
CVE-2023-33934 is an improper input validation vulnerability in Apache Traffic Server that could allow remote attackers to execute arbitrary code or c...

CVE-2022-47185 | CVSS 7.5 | Aug 9, 2023
This vulnerability allows attackers to exploit improper input validation in Apache Traffic Server's range header handling. Attackers could cause denia...

CVE-2023-36542 | CVSS 8.8 | Jul 29, 2023
This vulnerability allows authenticated and authorized Apache NiFi users to configure HTTP URL references for retrieving drivers, enabling custom code...

CVE-2023-38647 | CVSS 9.8 | Jul 26, 2023
This critical vulnerability in Apache Helix allows remote attackers to execute arbitrary code through unsafe YAML deserialization. Attackers can explo...

CVE-2023-37895 | CVSS 9.8 | Jul 25, 2023
This CVE describes a critical Java object deserialization vulnerability in Apache Jackrabbit that allows remote code execution via RMI. Attackers can ...

CVE-2023-34434 | CVSS 7.5 | Jul 25, 2023
This CVE describes a deserialization vulnerability in Apache InLong that allows attackers to bypass security controls and read arbitrary files. It aff...

CVE-2023-35088 | CVSS 9.8 | Jul 25, 2023
This CVE describes an SQL injection vulnerability in Apache InLong's toAuditCkSql method where user-controlled parameters (groupId, streamId, auditId,...

CVE-2023-34478 | CVSS 9.8 | Jul 24, 2023
This CVE describes an authentication bypass vulnerability in Apache Shiro that allows attackers to bypass security controls through path traversal tec...

CVE-2023-28754 | CVSS 8.8 | Jul 19, 2023
This vulnerability allows attackers with permission to modify ShardingSphere-Agent YAML configuration files to execute arbitrary code by exploiting un...

CVE-2023-26512 | CVSS 9.8 | Jul 17, 2023
This vulnerability allows attackers to achieve remote code execution by sending specially crafted RabbitMQ messages to Apache EventMesh. The deseriali...

CVE-2023-32200 | CVSS 8.8 | Jul 12, 2023
This vulnerability allows remote attackers to execute arbitrary JavaScript code via specially crafted SPARQL queries in Apache Jena. It affects Apache...

CVE-2023-35797 | CVSS 9.8 | Jul 3, 2023
This vulnerability allows attackers to bypass security checks and achieve remote code execution (RCE) in Apache Airflow Hive Provider by exploiting im...

CVE-2023-34340 | CVSS 9.8 | Jun 21, 2023
Apache Accumulo 2.1.0 has an improper authentication vulnerability where invalid credentials may be accepted, allowing unauthorized access. This affec...

CVE-2023-33933 | CVSS 7.5 | Jun 14, 2023
Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive...

CVE-2022-47184 | CVSS 7.5 | Jun 14, 2023
Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive...

CVE-2023-33234 | CVSS 7.2 | May 30, 2023
This vulnerability in Apache Airflow's CNCF Kubernetes provider allows authenticated users with elevated permissions (Operator or Admin roles) to modi...

CVE-2023-30601 | CVSS 7.8 | May 30, 2023
This vulnerability allows users with JMX access to escalate privileges and execute arbitrary commands as the Apache Cassandra service account when ena...

CVE-2023-31065 | CVSS 9.1 | May 22, 2023
This CVE describes an Insufficient Session Expiration vulnerability in Apache InLong where old sessions remain valid even after user deletion or passw...

CVE-2023-31098 | CVSS 9.8 | May 22, 2023
Apache InLong versions 1.1.0 through 1.6.0 have weak password requirements that allow users to set simple passwords. Attackers can easily guess these ...

CVE-2023-31103 | CVSS 7.5 | May 22, 2023
This vulnerability allows attackers to modify the immutable name and type of clusters in Apache InLong, potentially enabling unauthorized configuratio...

CVE-2023-31062 | CVSS 9.8 | May 22, 2023
This vulnerability allows attackers with valid unprivileged accounts to escalate privileges in Apache InLong. By intercepting login requests and reusi...

CVE-2023-31453 | CVSS 7.5 | May 22, 2023
This vulnerability in Apache InLong allows attackers to delete other users' subscriptions without proper authorization. It affects Apache InLong versi...

CVE-2023-28709 | CVSS 7.5 | May 22, 2023
This vulnerability allows attackers to bypass request size limits in Apache Tomcat by submitting exactly maxParameterCount query parameters, potential...

CVE-2022-47937 | CVSS 9.8 | May 15, 2023
This vulnerability in Apache Sling Commons JSON allows attackers to cause denial of service or potentially execute arbitrary code by sending specially...

CVE-2023-29032 | CVSS 8.1 | May 12, 2023
This vulnerability in Apache OpenMeetings allows attackers with access to certain private information to impersonate other users. It affects Apache Op...

CVE-2023-25754 | CVSS 9.8 | May 8, 2023
CVE-2023-25754 is a privilege context switching error in Apache Airflow that allows authenticated users to execute arbitrary code with elevated privil...

CVE-2023-31039 | CVSS 9.8 | May 8, 2023
This vulnerability in Apache bRPC allows attackers to execute arbitrary code by manipulating the ServerOptions pid_file parameter. Attackers who can i...

CVE-2021-40331 | CVSS 8.1 | May 5, 2023
This vulnerability in Apache Ranger Hive Plugin allows users with only SELECT privilege on a database to alter table ownership in Hive when the plugin...

CVE-2023-32007 | CVSS 8.8 | May 2, 2023
This vulnerability allows authenticated users to impersonate arbitrary users in Apache Spark UI when ACLs are enabled, leading to arbitrary shell comm...

CVE-2022-45802 | CVSS 9.8 | May 1, 2023
This vulnerability in Apache StreamPark allows any user to upload arbitrary JAR files without proper file type validation, potentially enabling remote...

CVE-2023-30771 | CVSS 9.8 | Apr 17, 2023
This CVE describes an incorrect authorization vulnerability in Apache IoTDB's web-workbench component (version 0.13.3). Attackers can bypass authoriza...

CVE-2023-24831 | CVSS 9.8 | Apr 17, 2023
CVE-2023-24831 is an authentication bypass vulnerability in Apache IoTDB Grafana Connector that allows attackers to log in without proper credentials....

CVE-2023-27987 | CVSS 9.1 | Apr 10, 2023
Apache Linkis versions up to 1.3.1 use a default authentication token that is too simple and predictable, allowing attackers to easily guess or obtain...

CVE-2023-29216 | CVSS 9.8 | Apr 10, 2023
This vulnerability in Apache Linkis allows attackers to execute arbitrary code remotely by exploiting a deserialization flaw when configuring MySQL da...

CVE-2023-27602 | CVSS 9.8 | Apr 10, 2023
This vulnerability in Apache Linkis allows unauthenticated attackers to upload arbitrary files to any location on the server due to insufficient path ...

CVE-2023-28706 | CVSS 9.8 | Apr 7, 2023
This CVE allows remote code execution through improper input validation in Apache Airflow Hive Provider. Attackers can inject malicious code that gets...

CVE-2023-28710 | CVSS 7.5 | Apr 7, 2023
This CVE describes an improper input validation vulnerability in Apache Airflow Spark Provider that could allow attackers to execute arbitrary code or...

CVE-2023-28158 | CVSS 6.5 | Mar 29, 2023
This vulnerability allows authenticated users to escalate privileges via stored cross-site scripting (XSS) by uploading malicious content through the ...

Why Monitor Apache Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 573+ known vulnerabilities affecting Apache products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Apache packages in under 60 seconds. No agents required: the scanning is completely agentless and works across Apache deployments.

Free vulnerability database: Access detailed information about every Apache CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Apache CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions