| CVE-2025-59390 |
unknown |
— |
— |
6mo ago |
Apache Druid’s Kerberos authenticator uses a weak fallback secret |
|
| CVE-2025-27888 |
unknown |
— |
— |
1y ago |
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect |
|
| CVE-2024-45537 |
unknown |
— |
— |
2y ago |
Apache Druid: Users can provide MySQL JDBC properties not on allow list |
|
| CVE-2022-28889 |
unknown |
— |
— |
4y ago |
Apache Druid before 0.23.0 vulnerable to clickjacking |
|
| CVE-2021-44791 |
unknown |
— |
— |
4y ago |
Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters |
|
| CVE-2020-1958 |
unknown |
— |
— |
4y ago |
Credentials bypass in Apache Druid |
|
| CVE-2021-26919 |
unknown |
— |
— |
5y ago |
Arbitrary code execution in Apache Druid |
|
| CVE-2021-25646 |
unknown |
— |
— |
5y ago |
Code injection in Apache Druid |
|