Apache Vulnerabilities
Comprehensive security vulnerability database for Apache products
1
7
18
6
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-23983 | 2.3 | This vulnerability allows authenticated users with low privileges to access sensitive information, such as password hashes and email addresses, through a specific API endpoint in Apache Superset. To exploit this, the tagging feature must be enabled, which is not the default setting, but users should upgrade to version 6.0.0 to fully protect against this risk. | apachesuperset | Theoretical | about 1 month agoFeb 24, 2026 |
About Apache Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Apache products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.