61118 matches found
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.0, there were security...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...
PT-2026-33595
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description Secrets stored within variables as JSON dictionaries are not properly redacted. When a user retrieves these variables, secrets located in nested fields are not masked. Recommendations Upgrade ...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32228 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32228 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16132854...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-30912 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-30912 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16132595...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to allowing users with asset materialize permissions to trigger DAGs outside of their permissions. Remediation Upgrade apache-airflow-core to version 3.2.0b2 or higher. References - Apache Mailing List - GitH...
Generation of Error Message Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to exposing exception/stack trace of errors even if api/exposestacktraces was set to false. That could lead to exposing additional information to potential attacker...
CVE-2026-34197 vulnerabilities
Vulnerabilities for packages: apache-activemq-fips, geoserver, apache-activemq...
GHSA-RXPJ-7QVF-XV32 vulnerabilities
Vulnerabilities for packages: apache-activemq-fips, geoserver, apache-activemq...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers (CVE-2025-54988, CVE-2025-66516, CVE-2025-66516)
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers CVE-2025-54988, CVE-2025-66516, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika...
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency CISA. To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 CVSS score: 8.8, to its...
GHSA-355H-QMC2-WPWF vulnerabilities
Vulnerabilities for packages: solr, akhq, apache-nifi, wso2is, kafka-fips, spark-kubernetes-operator, apache-pulsar, apache-pulsar-fips, cloudwatch-exporter, apache-jena-fuseki, kafka, spark-kubernetes-operator-fips, neo4j, apache-hop, apache-hop-fips, strimzi-kafka-operator, clojure-tools,...
CVE-2026-2332 vulnerabilities
Vulnerabilities for packages: solr, akhq, apache-nifi, wso2is, kafka-fips, spark-kubernetes-operator, apache-pulsar, apache-pulsar-fips, cloudwatch-exporter, apache-jena-fuseki, kafka, spark-kubernetes-operator-fips, neo4j, apache-hop, apache-hop-fips, strimzi-kafka-operator, clojure-tools,...
CLEANSTART-2026-CO09549 In libexpat before 2
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...
CLEANSTART-2026-RO70091 In libexpat before 2
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...
CLEANSTART-2026-AK18460 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-KF53276 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6
Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GW37659 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
Apache Tomcat 10.1.22 < 10.1.54 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.54. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.54security-10 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...