Maven/org.apache.druid:druid — 8 CVEs · VulnScope
pkg:Maven/org.apache.druid:druid
8 total CVEs: CRITICAL 1 · HIGH 2 · MEDIUM 4 · LOW 1
All known vulnerabilities
CRITICAL · 9.8 · CVE-2025-59390 · Apache Druid’s Kerberos authenticator uses a weak fallback secret · from 0, < 35.0.0
HIGH · 8.8 · CVE-2021-26919 · Arbitrary code execution in Apache Druid · from 0, < 0.20.2
HIGH · 8.8 · CVE-2021-25646 · Code injection in Apache Druid · from 0, < 0.20.1
MEDIUM · 6.5 · CVE-2020-1958 · Credentials bypass in Apache Druid · >= 0.17.0, < 0.17.1
MEDIUM · 6.1 · CVE-2021-44791 · Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters · from 0, < 0.23.0
MEDIUM · 5.4 · CVE-2025-27888 · Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect · from 0, < 31.0.2
MEDIUM · 4.3 · CVE-2022-28889 · Apache Druid before 0.23.0 vulnerable to clickjacking · from 0, < 0.23.0
LOW · 3.1 · CVE-2024-45537 · Apache Druid: Users can provide MySQL JDBC properties not on allow list · from 0, < 30.0.1