pkg:Bitnami/nifi

All known vulnerabilities

• HIGH8.8CVE-2026-39816Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission
  >= 2.0.0, < 2.9.0
• HIGH8.8CVE-2023-36542Apache NiFi Code Injection vulnerability
  >= 0.0.2, <= 1.22.0
• HIGH8.8CVE-2023-34468Apache NiFi vulnerable to Code Injection
  >= 0.0.2, < 1.22.0
• HIGH8.8Code injection in Apache NiFi and NiFi Registry
  >= 1.10.0, <= 1.16.2
• HIGH8.1Deserialization of untrusted data in jackson-databind
  >= 1.7.0, <= 1.12.1
• HIGH7.9Improper Neutralization of Input in Advanced User Interface for Jolt
  >= 0.7.0, < 1.24.0
• HIGH7.5XML External Entity Reference in Apache NiFi
  >= 1.2.0, <= 1.19.1
• HIGH7.5Multiple components in Apache NiFi do not restrict XML External Entity references
  >= 0.0.1, <= 1.16.0
• HIGH7.5Inadequate Encryption Strength in Apache NiFi
  >= 1.0.0, <= 1.11.4
• HIGH7.5Missing Authentication for Critical Function in Apache NiFi
  >= 1.0.0, <= 1.11.4
• HIGH7.5Insertion of Sensitive Information into Log File in Apache NiFi Stateless
  >= 1.0.0, <= 1.11.4
• HIGH7.5Insertion of Sensitive Information into Log File in Apache NiFi
  >= 0.0.1, <= 1.11.0
• MEDIUM6.5Apache NiFi Insufficient Property Validation vulnerability
  >= 1.21.0, < 1.23.1
• MEDIUM6.5Apache NiFi vulnerable to Deserialization of Untrusted Data
  >= 1.8.0, <= 1.21.0
• MEDIUM6.5Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
  >= 1.14.0, < 1.16.0
• MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
  >= 0.1.0, < 1.15.1
• MEDIUM6.1Cross-site scripting in Apache NiFi
  >= 1.0.0, <= 1.10.0
• MEDIUM5.5Improper Restriction of XML External Entity Reference in Apache NiFi
  >= 1.0.0, <= 1.11.4
• MEDIUM5.4Apache NiFi: Missing Complete Authorization for Parameter and Service References
  >= 1.10.0, < 2.1.0
• MEDIUM5.3Apache NiFi Insertion of Sensitive Information into Log File
  >= 1.10.0, <= 1.10.0
• MEDIUM5.3DOS vulnerability for Quoted Quality CSV headers
  >= 1.13.0, <= 1.13.0
• MEDIUM4.6Apache NiFi Cross-site Scripting vulnerability
  >= 1.10.0, < 1.28.0
• —Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
  >= 1.1.0, < 2.8.0
• —Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization
  >= 1.20.0, < 2.7.0