EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

EUVD-2026-37580

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

Apache DolphinScheduler has an Incorrect Authorization Vulnerability

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

GHSA-3CJC-VHFM-FFP2 Apache DolphinScheduler vulnerable to sensitive information disclosure

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

Apache DolphinScheduler 安全漏洞

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Version 3.1.x of Apache DolphinScheduler contains a security vulnerability that exposes sensitive information, potentially allowing unauthorized access...

CVE-2023-25601

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...

CVE-2023-50270

Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are recommended to upgrade to version 3.2.1, which fixes this issue...

CVE-2023-49109

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue...

CVE-2023-49068

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. At the time of disclosure of this advisory, this version has not...

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVE-2022-26884

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher...

Exploit for Code Injection in Apache Dolphinscheduler

No d...

EUVD-2021-0018

Malware in sbrugna...

EUVD-2021-2328

Malware in sbrugna...

EUVD-2024-0627

Malicious code in bioql PyPI...

EUVD-2024-0715

Malicious code in bioql PyPI...

EUVD-2024-0705

Malicious code in bioql PyPI...

EUVD-2023-0037

Malicious code in bioql PyPI...

EUVD-2023-0036

Malicious code in bioql PyPI...

EUVD-2024-0480

Malicious code in bioql PyPI...