CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server

2025-03-19 Thread Min Ji
Severity: low
Affected versions:
- Apache Seata (incubating) 2.0.0 before 2.2.0
Description: Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0,

CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function

2025-03-19 Thread Elad Kalif
Severity: low
Affected versions:
- Apache Airflow MySQL Provider before 6.2.0
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they co

CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting

2025-03-19 Thread Adarsh Sanjeev
Affected versions:
- Apache Druid before 31.0.2
- Apache Druid before 32.0.1
Description:
Severity: medium (5.8) / important
Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redir

CVE-2024-54016: compression bomb attack in Apache Seata Server

2025-03-19 Thread Min Ji
Severity: Low
Affected versions:
- Apache Seata (incubating) through <=2.2.0
Description: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgra