| CVE-2021-25646 |
unknown |
— |
1.0 |
|
|
|
5y ago |
Code injection in Apache Druid |
| CVE-2025-59390 |
unknown |
— |
— |
|
|
|
6mo ago |
Apache Druid’s Kerberos authenticator uses a weak fallback secret |
| CVE-2025-27888 |
unknown |
— |
— |
|
|
|
1y ago |
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect |
| CVE-2024-45537 |
unknown |
— |
— |
|
|
|
2y ago |
Apache Druid: Users can provide MySQL JDBC properties not on allow list |
| CVE-2022-28889 |
unknown |
— |
— |
|
|
|
4y ago |
Apache Druid before 0.23.0 vulnerable to clickjacking |
| CVE-2021-44791 |
unknown |
— |
— |
|
|
|
4y ago |
Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters |
| CVE-2020-1958 |
unknown |
— |
— |
|
|
|
4y ago |
Credentials bypass in Apache Druid |
| CVE-2021-26919 |
unknown |
— |
— |
|
|
|
5y ago |
Arbitrary code execution in Apache Druid |