CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

EUVD-2018-0823

Malware in sbrugna...

EUVD-2020-23125

Malware in sbrugna...

EUVD-2022-1976

Malicious code in bioql PyPI...

EUVD-2025-3139

Malicious code in bioql PyPI...

EUVD-2023-40384

Malicious code in bioql PyPI...

EUVD-2025-7181

Malicious code in bioql PyPI...

EUVD-2023-40797

Malicious code in bioql PyPI...

CVE-2020-35451

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation...

Apache Oozie Cross-Site Scripting Vulnerability

Apache Oozie is an application from the Apache Apache Foundation, USA. Provides a workflow scheduler system for managing Apache Hadoop job functions. Apache Oozie has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2025-26796

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

GHSA-FMXW-76XQ-CMQQ Apache Oozie Cross-Site Scripting (XSS)

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

com.github.sakserv:hadoop-mini-clusters (=0.0.14), com.github.sakserv:hadoop-mini-clusters-oozie (>=0.1.1 <=0.1.16) +13 more potentially affected by CVE-2025-26796 via org.apache.oozie:oozie-core (>=4.1.0 <=5.2.1)

org.apache.oozie:oozie-core MAVEN version =4.1.0, =0.1.1, =1.0, =1.2, =4.2.0, =5.2.0, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =5.2.1 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2025-26796 Source advisory: OSV:GHSA-FMXW-76XQ-CMQQ...

Cross-site Scripting (XSS)

Overview org.apache.oozie:oozie-core is a system to define, manage, schedule, and execute complex Hadoop workloads via web services. Affected versions of this package are vulnerable to Cross-site Scripting XSS in an unspecified component. Note: This project is no longer actively maintained so no...

com.github.sakserv:hadoop-mini-clusters (=0.0.14), com.github.sakserv:hadoop-mini-clusters-oozie (>=0.1.1 <=0.1.16) +13 more potentially affected by CVE-2025-26796 via org.apache.oozie:oozie-core (>=4.1.0 <=5.2.1)

org.apache.oozie:oozie-core MAVEN version =4.1.0, =0.1.1, =1.0, =1.2, =4.2.0, =5.2.0, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =5.2.1 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2025-26796 Source advisory: SNYK:JAVA-ORGAPACHEOOZIE-9512888...

Apache Oozie Cross-Site Scripting (XSS)

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

CVE-2025-26796

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

CVE-2025-26796

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

CVE-2025-26796 Apache Oozie: XSS in Oozie Web Console

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...

CVE-2025-26796 Apache Oozie: XSS in Oozie Web Console

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...