57 matches found
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1722 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.4.8)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.42.1, =1.4.1, =1.4.3 - ai.grakn:grakn-dist =1.4.1 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)
org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +677 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.2.3)
org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.1.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65https://vulners.com/osv/OSV:GHSA-J...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1748 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.5.6)
org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.9 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...
org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)
org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2025-54920...
com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.49.0), com.github.rumbledb:rumbledb (=2.0.0) +81 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (=4.0.0)
org.apache.spark:spark-core2.13 MAVEN version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.13 and may be impacted: - com.azure.cosmos.spark:azure-cosmos-spark4-02-13 =4.43.0, =0.43.0-preview, =0.43.0-preview,...
ai.catboost:catboost-spark_3.0_2.12 (>=0.25 <=1.2.8), ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8) +1483 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=3.0.0-preview <=3.5.6)
org.apache.spark:spark-core2.12 MAVEN version =3.0.0-preview, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.22.0, =0.36.0 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623151...
Deserialization of Untrusted Data
Overview org.apache.spark:spark-core2.12 is an unified analytics engine for large-scale data processing. It provides high-level APIs in Scala, Java, Python, and R, and an optimized engine that supports general computation graphs for data analysis. It also supports a rich set of higher-level tools...
com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.49.0), com.github.rumbledb:rumbledb (=2.0.0) +85 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=4.0.0-preview2 <=4.0.0)
org.apache.spark:spark-core2.13 MAVEN version =4.0.0-preview2, =4.43.0, =0.43.0-preview, =0.43.0-preview, =4.0.0-preview22.0.1, =0.0.3, =0.0.3, =7.0.1, =4.1.0, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc8 and more Source cves: CVE-2025-54920 Source advisory:...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Jackson implementation in the Spark History Server web UI. An attacker who can write event logs can achieve code execution by injecting malicious JSON payloads into event log files, which are the...
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)
org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623152...
Improper Privilege Management
spark-core is vulnerable to Improper Privilege Management . The vulnerability exists because the library does not properly disallow arbitrary custom classpaths with the proxy user in cluster mode, which allows an attacker to provide malicious configuration-related classes in the classpath...
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +224 more potentially affected by CVE-2023-22946 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.3.2)
org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =0.20, =1.1.3, =1.4.0, =1.4.0, =0.0.3, =0.0.4 and more Source cves: CVE-2023-22946 Source advisory: OSV:GHSA-329J-JFVR-RHR6...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1391 more potentially affected by CVE-2023-22946 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.3.2)
org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.22.0, =0.28.0 and more Source cves: CVE-2023-22946 Source advisory: OSV:GHSA-329J-JFVR-RHR6...
com.datastax.spark:spark-cassandra-connector-demos_2.10 (>=1.0.0 <=1.0.6), com.datastax.spark:spark-cassandra-connector-java_2.10 (>=1.0.0 <=1.0.6) +23 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=0.9.2)
org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.9.0-C2-EA, =0.5.0, =0.9.0, =0.8.3, =0.9.0-incubating, =0.9.0-incubating, =0.9.2 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
ae.teletronics.nlp:entityextraction (=1.3), au.gov.amsa.risky:spark (>=0.5.2 <=0.5.9) +269 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=1.6.3)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.5.2, =1.0.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =1.6.0, =1.0, =1.0.1, =1.0.0, =0.8.0, =0.8.2 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
ch.zzeekk.spark:spark-temporalquery_2.10 (=1.0.0), com.antgroup.tugraph:calcite-spark (>=1.18.0-geaflow_1.0 <=1.18.0-geaflow_1.1) +159 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.10 (>=2.0.0-preview <=2.2.3)
org.apache.spark:spark-core2.10 MAVEN version =2.0.0-preview, =1.18.0-geaflow1.0, =0.1.0, =2.0.0, =0.8.2, =1.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.13 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)
org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2022-31777...
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.chronon:aggregator_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +104 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.2.1)
org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =1.1.3, =1.4.0, =1.4.0, =0.2.3, =3.2.00.16.0, =0.14.0, =0.3.8-spark-3.1.2, =0.3.8-spark-3.2.0, =1.2.0-spark-3.2.0 - com.github.benfradet:spark-kafka-writer2.13 =0.6.0 and more...
ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (>=0.20 <=0.22) +59 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.13 (=3.3.0)
org.apache.spark:spark-core2.13 MAVEN version =3.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.13 and may be impacted: - ai.catboost:catboost-spark3.32.13 =1.1.1, =0.20, =0.9.8-3.3, =1.2.6-3.3, =1.2.1-3.3, =0.27.0,...