Apache Software Foundation — Vulnerabilities & Security Advisories 1725

Browse all 1725 CVE security advisories affecting Apache Software Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Apache Software Foundation develops and maintains open-source software, primarily known for the widely deployed Apache HTTP Server and foundational Java frameworks. Its extensive portfolio exposes a significant attack surface, evidenced by the 1717 recorded CVEs. Historically, vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from complex configuration errors or input validation failures in legacy components. While the foundation enforces rigorous security review processes, the sheer volume of projects increases the likelihood of undiscovered flaws. Notable incidents include critical flaws in Log4j, which allowed remote code execution via crafted log messages, highlighting risks in dependency management. The organization relies on community-driven patching, requiring administrators to promptly apply updates to mitigate exploitation. This model ensures transparency but demands active vigilance from users to maintain system integrity against evolving threat vectors.

Found 16 results / 1725

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-29834 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints | Apache Pulsar | CWE-863 | 6.4 | Medium | 2024-04-02 |
| CVE-2024-27894 | Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying | Apache Pulsar | CWE-20 | 8.5 | High | 2024-03-12 |
| CVE-2024-27317 | Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification | Apache Pulsar | CWE-22 | 8.4 | High | 2024-03-12 |
| CVE-2024-27135 | Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution | Apache Pulsar | CWE-913 | 8.5 | High | 2024-03-12 |
| CVE-2022-34321 | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | Apache Pulsar | CWE-306 | 8.2 | High | 2024-03-12 |
| CVE-2024-28098 | Apache Pulsar: Improper Authorization For Topic-Level Policy Management | Apache Pulsar | CWE-863 | 6.4 | Medium | 2024-03-12 |
| CVE-2023-51437 | Apache Pulsar: Timing attack in SASL token signature verification | Apache Pulsar | CWE-203 | 7.4 | High | 2024-02-07 |
| CVE-2023-30429 | Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy | Apache Pulsar | CWE-863 | 9.6 | Critical | 2023-07-12 |
| CVE-2023-31007 | Apache Pulsar: Broker does not always disconnect client when authentication data expires | Apache Pulsar | CWE-287 | - | - | 2023-07-12 |
| CVE-2022-33684 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation | Apache Pulsar | CWE-295 | 8.1 | - | 2022-11-04 |
| CVE-2022-33683 | Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack | Apache Pulsar | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-33682 | Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack | Apache Pulsar | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-33681 | Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM | Apache Pulsar | CWE-295 | 5.9 | - | 2022-09-23 |
| CVE-2022-24280 | Apache Pulsar Proxy target broker address isn't validated | Apache Pulsar | CWE-20 | 7.5 | - | 2022-09-23 |
| CVE-2021-41571 | Pulsar Admin API allows access to data from other tenants using getMessageById API | Apache Pulsar | CWE-863 | 6.5 | - | 2022-02-01 |
| CVE-2021-22160 | Authentication with JWT allows use of “none”-algorithm | Apache Pulsar | | 9.8 | - | 2021-05-26 |

This page lists every published CVE security advisory associated with Apache Software Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.