7 matches found
CVE-2026-31923
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to ssl_verify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...
EUVD-2024-30440
Malicious code in bioql PyPI...
CVE-2022-25757
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurring value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...
The vulnerability of the Apache APISIX cloud API gateway, related to bypassing authentication through spoofing, allows attackers to execute arbitrary code.
The vulnerability of the Apache APISIX cloud API gateway involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-29266
In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...
Apache Apisix Command Injection Vulnerability
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd and features dynamic routing and plugin hot-loading for API management in a microservice architecture. Apache APISIX has a security vulnerability that stems fr...
Apache APISIX Trust Management Issues Vulnerability
Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is built on OpenResty and etcd, with dynamic routing and plug-in hot loading, and is suited to API management in microservice systems. Apache APISIX suffers from a trust...