194 matches found
CVE-2021-31522
Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...
Server-Side Request Forgery (SSRF)
Apache Kylin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...
Files Or Directories Accessible To External Parties
Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...
Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. An information disclosure vulnerability exists in...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. A server-side request forgery vulnerability exist...
Authentication Bypass
Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...
Apache Kylin Authentication Bypass Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...
CVE-2025-61733
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
CVE-2025-61735
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
EUVD-2024-0235
Malicious code in bioql PyPI...
EUVD-2022-0453
Malicious code in bioql PyPI...
EUVD-2022-0730
Malicious code in bioql PyPI...
EUVD-2025-8498
Malicious code in bioql PyPI...
EUVD-2025-32090
Malicious code in bioql PyPI...
EUVD-2022-0672
Malicious code in bioql PyPI...
EUVD-2025-32089
Malicious code in bioql PyPI...
EUVD-2025-32088
Malicious code in bioql PyPI...
EUVD-2025-8449
Malicious code in bioql PyPI...
EUVD-2022-0646
Malicious code in bioql PyPI...