100 matches found
GHSA-3PXV-7CMR-FJR4 vulnerabilities
Vulnerabilities for packages: apache-activemq, spark, kafka-bridge, apache-hop, ghidra, opensearch-fips, apache-activemq-fips, pinot, camunda-zeebe, kafka-bridge-fips, pinot-fips, tritonserver-backend-vllm-cuda-13.0, elasticsearch, apache-hop-fips, apache-pulsar, kserve-modelmesh,...
CVE-2026-34480 vulnerabilities
Vulnerabilities for packages: apache-activemq, spark, kafka-bridge, apache-hop, ghidra, opensearch-fips, apache-activemq-fips, pinot, camunda-zeebe, kafka-bridge-fips, pinot-fips, tritonserver-backend-vllm-cuda-13.0, elasticsearch, apache-hop-fips, apache-pulsar, kserve-modelmesh,...
GHSA-W9FJ-CFPG-GRVV vulnerabilities
Vulnerabilities for packages: seata, spark, kafka-bridge, apache-hop, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips,...
CVE-2026-33871 vulnerabilities
Vulnerabilities for packages: seata, spark, kafka-bridge, apache-hop, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips,...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: seata, spark, kafka-bridge, management-api-for-apache-cassandra-5.0, tez, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips, pinot-fip...
GHSA-RP46-R563-JRC7 vulnerabilities
Vulnerabilities for packages: spark, spark-fips, celeborn, apache-hop, hadoop-fips, wavefront-proxy, apache-hop-fips, apache-pulsar, logstash, akhq, pinot, druid, kafbat-ui-fips, kafbat-ui...
CVE-2025-33042 vulnerabilities
Vulnerabilities for packages: spark, spark-fips, celeborn, apache-hop, hadoop-fips, wavefront-proxy, apache-hop-fips, apache-pulsar, logstash, akhq, pinot, druid, kafbat-ui-fips, kafbat-ui...
CVE-2022-26112
In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. To avoid this, we disabled Groovy function support by default from Pinot release 0.11.0. See...
EUVD-2022-7272
Malicious code in bioql PyPI...
EUVD-2022-1594
Malicious code in bioql PyPI...
EUVD-2025-9317
Malicious code in bioql PyPI...
EUVD-2022-6919
Malicious code in bioql PyPI...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2022-38649
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
CVE-2022-23974
In 0.9.3 or older versions of Apache Pinot, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release...
The vulnerability of the Apache Pinot OLAP data store, related to incorrect restrictions on the path name to the restricted catalog, allows attackers to disclose protected information.
The vulnerability of the Apache Pinot OLAP data store is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to expose protected information by sending a specially crafted GET request...
Authentication Bypass
Apache Pinot is vulnerable to Authentication Bypass. The vulnerability is due to improper request path validation due to the application's failure to enforce authentication when the request path contains a semicolon ; and lacks a forward slash /, allowing unauthorized user creation...
Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain "/" and contains ".". An attacker can gain unauthorized access and...
Authentication Bypass Using an Alternate Path or Channel
Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain "/" and contains ".". An attacker can gain unauthorized access and...