Apache Hertzbeat

16 CVEs affecting Apache Hertzbeat. Latest disclosed: 2026-02-10. Critical: 3, High: 12.

Top CVEs affecting Apache Hertzbeat
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-51653 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The… |
| CVE-2023-51389 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuratio… |
| CVE-2023-51388 | Critical | 9.8 | 2024-02-22 | Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security p… |
| CVE-2026-24343 | High | 8.8 | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7… |
| CVE-2025-48208 | High | 8.8 | 2025-09-09 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have… |
| CVE-2025-24404 | High | 8.8 | 2025-09-09 | XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with ac… |
| CVE-2024-45505 | High | 8.8 | 2024-11-18 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can onl… |
| CVE-2024-41151 | High | 8.8 | 2024-11-18 | Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Ap… |
| CVE-2024-42323 | High | 8.8 | 2024-09-21 | SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This… |
| CVE-2024-42362 | High | 8.8 | 2024-08-20 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. Th… |
| CVE-2024-45791 | High | 7.5 | 2024-11-18 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are re… |
| CVE-2024-42361 | High | 7.5 | 2024-08-20 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to downl… |
| CVE-2023-51650 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulner… |
| CVE-2022-39337 | High | 7.5 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1… |
| CVE-2023-51387 | High | 7.2 | 2023-12-22 | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be… |
| CVE-2024-56736 | Medium | 6.5 | 2025-04-16 | Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat (incubating): before 1.7.0. Users are recommended t… |