com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-32588 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954234...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-27315 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-32588 Source advisory: OSV:GHSA-QFFM-GF3J-6MVG...

Privilege Defined With Unsafe Actions

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-23015 +1 more via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-23015, CVE-2025-26467 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688120...

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +374 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=0.7.0-rc4 <=3.0.3)

org.apache.cassandra:cassandra-all MAVEN version =0.7.0-rc4, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =0.15.0, =0.6.1, =0.10.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

Privilege Escalation

cassandra-all is vulnerable to Privilege Escalation. The vulnerability exists when enabling FQL/Audit logs, which allows an attacker with JMX access to run arbitrary commands...

com.savoirtech:cassandra-all (=1.5.4) potentially affected by CVE-2015-0225 via org.apache.cassandra:apache-cassandra (=1.2.6)

org.apache.cassandra:apache-cassandra MAVEN version =1.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cassandra:apache-cassandra and may be impacted: - com.savoirtech:cassandra-all =1.5.4 Source cves: CVE-2015-0225 Source advisory:...

Remote Code Execution (RCE)

cassandra-all is vulnerable to remote code execution. When enableuserdefinedfunctions, enablescripteduserdefinedfunctions, and enablescripteduserdefinedfunctions are set, an attacker can inject and execute malicious code on the host through the scripted UDFs...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c3.11 (>=2.7.0 <=2.8.0), com.ibm.fhir:fhir-term-graph (>=4.9.2 <=4.10.2) +64 more potentially affected by CVE-2021-44521 via org.apache.cassandra:cassandra-all (>=3.11.0 <=3.11.11)

org.apache.cassandra:cassandra-all MAVEN version =3.11.0, =2.7.0, =4.9.2, =4.10.0, =3.11, =3.11, =3.11, =0.3.3, =0.4.0, =0.10.0, =3.11.0.0, =2.3, =5.3.0, =6.1.0 and more Source cves: CVE-2021-44521 Source advisory: OSV:GHSA-8FFC-79XG-29W8...

io.stargate.db.cassandra:persistence-cassandra-4.0 (>=0.0.2 <=1.0.1) potentially affected by CVE-2020-13946 via org.apache.cassandra:cassandra-all (=4.0-beta1)

org.apache.cassandra:cassandra-all MAVEN version =4.0-beta1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cassandra:cassandra-all and may be impacted: - io.stargate.db.cassandra:persistence-cassandra-4.0 =0.0.2, =1.0.1 Source cves:...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c3.0 (>=0.21.0 <=2.6.0), com.ericsson.bss.cassandra.ecaudit:ecaudit_c3.0.11 (>=2.0.0 <=2.3.0) +9 more potentially affected by CVE-2020-13946 via org.apache.cassandra:cassandra-all (>=3.0.0 <=3.0.20)

org.apache.cassandra:cassandra-all MAVEN version =3.0.0, =0.21.0, =2.0.0, =0.1.0, =1.0.0, =1.0.0, =3.11.28, =3.11.28, =3.11.28, =3.0.10.0, =1.4.4, =1.4.10 Source cves: CVE-2020-13946 Source advisory: OSV:GHSA-24WW-MC5X-XC43...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c2.2 (>=2.2.0 <=2.6.0), com.github.haifengl:unicorn-cassandra_2.11 (>=2.0.0 <=2.1.1) +40 more potentially affected by CVE-2020-13946 via org.apache.cassandra:cassandra-all (>=2.2.0 <=2.2.16)

org.apache.cassandra:cassandra-all MAVEN version =2.2.0, =2.2.0, =2.0.0, =0.6.0, =0.6.0, =2.2.10.0, =1.2.2, =2.2.0, =2.2.0, =1.0.17.Final, =1.1.2.Final - org.hawkular.accounts:hawkular-accounts-sample-websocket-backend =1.0.17.Final - org.hawkular.accounts:hawkular-accounts-sample-websocket-secur...