Skywalking Security Vulnerabilities and Issues — Skywalking CVE List

ApacheSkywalking

4 matches found

CVE•added 2020/08/05 1:25 p.m.•93 views

CVE-2020-13921

The CVE-2020-13921 issue affects Apache SkyWalking when using H2/MySQL/TiDB as the storage backend. The vulnerability is a SQL injection in the wildcard query cases, introduced by insufficient validation of user-supplied input for wildcard alarm searches via GraphQL. Affects the storage-implement...

9.8CVSS9.6AI score0.04499EPSS

CVE•added 2020/06/30 2:28 p.m.•72 views

CVE-2020-9483

CVE-2020-9483 : A SQL injection in Apache SkyWalking storage when using H2/MySQL/TiDB backends, via a metadata GraphQL query. The root cause is improper SQL parameter handling in the storage implementations (versions 6.0.0–6.6.0 and 7.0.0). This could allow an attacker to access unexpected data b...

7.5CVSS7.8AI score0.94091EPSS

CVE•added 2026/04/15 10:54 a.m.•13 views

CVE-2026-30778

CVE-2026-30778 affects Apache SkyWalking OAP where the /debugging/config/dump endpoint may leak sensitive configuration data (including MySQL/PostgreSQL-related details) in versions 9.7.0 through 10.3.0. The exposure is tied to the configuration dump functionality, potentially revealing credentia...

7.5CVSS5.8AI score0.00041EPSS

CVE•added 2025/11/27 11:47 a.m.•11 views

CVE-2025-54057

Apache SkyWalking contains a stored/basic XSS vulnerability (CVE-2025-54057) due to improper neutralization of script-related HTML tags. Affects SkyWalking

6.1CVSS6.2AI score0.00258EPSS