This page lists publicly disclosed CVE vulnerabilities affecting apache atlas (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-40563 | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect Version: This issue affects Apache Atlas: from 0.8 through 2.4.0. For the affect version >= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration. atlas.dsl.execu | [email protected] | 8.1 | 0.02% | 2026-05-04 | 2026-05-06 |
| CVE-2024-46910 | An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue. | [email protected] | 7.1 | 0.45% | 2025-02-13 | 2025-07-14 |
| CVE-2022-34271 | A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | [email protected] | 8.8 | 0.22% | 2022-12-14 | 2025-04-18 |
| CVE-2020-17521 | Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. | [email protected] | 5.5 | 2.43% | 2020-12-07 | 2024-11-21 |
| CVE-2020-13928 | Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. | [email protected] | 6.1 | 1.89% | 2020-09-16 | 2024-11-21 |
| CVE-2019-10070 | Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | [email protected] | 6.1 | 1.44% | 2019-11-18 | 2024-11-21 |
| CVE-2017-3155 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | [email protected] | 6.1 | 1.94% | 2017-08-29 | 2026-05-13 |
| CVE-2017-3154 | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | [email protected] | 7.5 | 0.83% | 2017-08-29 | 2026-05-13 |
| CVE-2017-3153 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | [email protected] | 6.1 | 1.44% | 2017-08-29 | 2026-05-13 |
| CVE-2017-3152 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | [email protected] | 6.1 | 1.44% | 2017-08-29 | 2026-05-13 |
| CVE-2017-3151 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | [email protected] | 6.1 | 1.02% | 2017-08-29 | 2026-05-13 |
| CVE-2017-3150 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | [email protected] | 6.1 | 1.02% | 2017-08-29 | 2026-05-13 |
| CVE-2016-8752 | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | [email protected] | 7.5 | 1.02% | 2017-08-29 | 2026-05-13 |