ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1722 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.4.8)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =local, =0.0.1, =0.42.1, =1.4.1, =1.4.3 - ai.grakn:grakn-dist =1.4.1 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.48.0), com.github.rumbledb:rumbledb (=2.0.0) +84 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=4.0.0-preview2 <=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0-preview2, =4.43.0, =0.43.0-preview, =0.43.0-preview, =4.0.0-preview22.0.1, =0.0.3, =0.0.3, =7.0.1, =4.1.0, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc7 and more Source cves: CVE-2025-54920 Source advisory:...

Information Disclosure

spark-core is vulnerable to information disclosure. The vulnerability exists as it leaves data unencrypted on local disk...

ai.catboost:catboost-spark_2.3_2.11 (>=0.25 <=1.2.7), ai.h2o:sparkling-water-examples_2.11 (>=2.3.0 <=2.3.6) +165 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.11 (=2.3.0)

org.apache.spark:spark-core2.11 MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.11 and may be impacted: - ai.catboost:catboost-spark2.32.11 =0.25, =2.3.0, =2.3.0, =0.0.3, =1.0, =0.1.0, =1.0, =0.4.0,...

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +635 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.1.2)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.18, =2.0.0, =1.0.0, =0.5.2, =1.0, =2.11-2.1.1-2.2.0, =4.2.0, =4.2.0, =5.0.0 and more Source cves: CVE-2018-1334 Source advisory: OSV:GHSA-6MQQ-8R44-VMJC...

ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +643 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.10 (>=1.0.0 <=2.1.2)

org.apache.spark:spark-core2.10 MAVEN version =1.0.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2018-1334 Source advisory: OSV:GHSA-6MQQ-8R44-VMJChttps://vulners.com/osv/OSV:GHSA-6MQQ-8R44-VMJ...

ae.teletronics.nlp:entityextraction (=1.3), au.gov.amsa.risky:spark (>=0.5.2 <=0.5.9) +269 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=1.6.3)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.5.2, =1.0.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =1.6.0, =1.0, =1.0.1, =1.0.0, =0.8.0, =0.8.2 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7...

ch.zzeekk.spark:spark-temporalquery_2.10 (=1.0.0), com.antgroup.tugraph:calcite-spark (>=1.18.0-geaflow_1.0 <=1.18.0-geaflow_1.1) +159 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.10 (>=2.0.0-preview <=2.2.3)

org.apache.spark:spark-core2.10 MAVEN version =2.0.0-preview, =1.18.0-geaflow1.0, =0.1.0, =2.0.0, =0.8.2, =1.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.13 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7...

com.datastax.spark:spark-cassandra-connector-demos_2.10 (>=1.0.0 <=1.0.6), com.datastax.spark:spark-cassandra-connector-java_2.10 (>=1.0.0 <=1.0.6) +23 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=0.9.2)

org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.9.0-C2-EA, =0.5.0, =0.9.0, =0.8.3, =0.9.0-incubating, =0.9.0-incubating, =0.9.2 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7...

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +625 more potentially affected by CVE-2017-12612 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.1.1)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.18, =2.0.0, =1.0.0, =0.5.2, =1.0, =2.11-2.1.1-2.2.0, =4.2.0, =4.2.0, =5.0.0 and more Source cves: CVE-2017-12612 Source advisory: OSV:GHSA-8RHC-48PP-52GR...

ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +644 more potentially affected by CVE-2017-12612 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.1.1)

org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2017-12612 Source advisory: OSV:GHSA-8RHC-48PP-52GRhttps://vulners.com/osv/OSV:GHSA-...

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1038 more potentially affected by CVE-2018-11770 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.3.2)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2018-11770 Source advisory: OSV:GHSA-W4R4-65MG-45X2...

ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744), ai.grakn:grakn-dist (>=0.7.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +171 more potentially affected by CVE-2018-9159 via com.sparkjava:spark-core (>=1.0 <=2.7.1)

com.sparkjava:spark-core MAVEN version =1.0, =0.7.0, =0.6.1, =0.6.1, =0.7.0, =0.15.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.16.0, =1.0, =1.2.0 - br.com.logiquesistemas:easy-spark =1.0.0 and more Source cves: CVE-2018-9159 Source advisory: OSV:GHSA-76QR-MMH8-CP8F...

ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744), ai.grakn:grakn-dist (>=0.7.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +98 more potentially affected by CVE-2016-9177 via com.sparkjava:spark-core (>=1.0 <=2.5.1)

com.sparkjava:spark-core MAVEN version =1.0, =0.7.0, =0.6.1, =0.6.1, =0.7.0, =0.15.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.16.0, =1.0, =1.2.0 - br.com.logiquesistemas:easy-spark =1.0.0 and more Source cves: CVE-2016-9177 Source advisory: OSV:GHSA-89GC-6CW6-4VCH...

Information Disclosure

spark-core is vulnerable to information disclosure. The vulnerability is possible due to a flaw in the security filter not performing authentication at the application level but instead at the roof of the UI. Therefore, the data and application in the SHS can be accessed through the REST API by a...