Lucene search
+L

1178 matches found

Chainguard
Chainguard
added 2026/03/27 7:17 a.m.13 views

CVE-2026-33870 vulnerabilities

Vulnerabilities for packages: kafka-bridge, kayenta, management-api-for-apache-cassandra-5.0, knative-kafka-broker, logstash, apache-activemq-artemis, opensearch, spark-fips, opensearch-fips, trino, akhq, neo4j, pinot-fips, kayenta-fips, kafbat-ui-fips, sonarqube, commercial-elasticsearch,...

7.5CVSS6.2AI score0.0064EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.4 views

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

6.3CVSS5.9AI score0.00488EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.3 views

Apache Livy Input Validation Error Vulnerability

Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

6.3CVSS5.8AI score0.00488EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.38 views

Apache Spark Deserialization Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 8:54 a.m.11 views

BIT-SPARK-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.4AI score0.05341EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/03/16 4:14 p.m.8 views

CVE-2025-54920

Apache Spark contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary...

8.8CVSS6.2AI score0.05341EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.7 views

ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +677 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.2.3)

org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.1.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65https://vulners.com/osv/OSV:GHSA-J...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.10 views

org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)

org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2025-54920...

8.8CVSS5.8AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.8 views

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1748 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.5.6)

org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.9 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.8 views

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.49.0), com.github.rumbledb:rumbledb (=2.0.0) +81 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.13 and may be impacted: - com.azure.cosmos.spark:azure-cosmos-spark4-02-13 =4.43.0, =0.43.0-preview, =0.43.0-preview,...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.7 views

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.9 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1722 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.4.8)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.42.1, =1.4.1, =1.4.3 - ai.grakn:grakn-dist =1.4.1 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2025-208669

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4AI score0.05341EPSS
Exploits1References6
OSV
OSV
added 2026/03/16 3:30 p.m.5 views

GHSA-JWP6-CVJ8-FW65 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.6AI score0.05341EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.6 views

Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.4AI score0.05341EPSS
Exploits1References7Affected Software5
NVD
NVD
added 2026/03/16 2:17 p.m.9 views

CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS0.05341EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/03/15 3:17 p.m.180 views

Exploit for CVE-2025-60012

For educational and security research purposes only. Do not...

6.3CVSS6.1AI score0.00488EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/14 10:40 a.m.10 views

ai.catboost:catboost-spark_3.0_2.12 (>=0.25 <=1.2.8), ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8) +1483 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=3.0.0-preview <=3.5.6)

org.apache.spark:spark-core2.12 MAVEN version =3.0.0-preview, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.22.0, =0.36.0 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623151...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/14 10:40 a.m.8 views

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623152...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
Snyk
Snyk
added 2026/03/14 10:40 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Jackson implementation in the Spark History Server web UI. An attacker who can write event logs can achieve code execution by injecting malicious JSON payloads into event log files, which are the...

8.8CVSS6.2AI score0.05341EPSS
Exploits1References2
Rows per page
Query Builder