Apache Atlas
9 CVEs affecting Apache Atlas. Latest disclosed: 2026-05-04. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40563 | High | 8.1 | 2026-05-04 | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts us… |
CVE-2017-3154 | High | 7.5 | 2017-08-29 | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. |
CVE-2016-8752 | High | 7.5 | 2017-08-29 | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js… |
CVE-2017-3155 | Medium | 6.1 | 2017-08-29 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. |
CVE-2017-3153 | Medium | 6.1 | 2017-08-29 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. |
CVE-2017-3152 | Medium | 6.1 | 2017-08-29 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. |
CVE-2017-3151 | Medium | 6.1 | 2017-08-29 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. |
CVE-2017-3150 | Medium | 6.1 | 2017-08-29 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. |
CVE-2019-10070 | | 2019-11-18 | Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality |