Apache Druid Vulnerabilities
Apache Apache Druid vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Server-Side Request Forgery and Cross-Site Scripting in Apache Druid
CVE-2025-27888ApacheApache Druid5.8MEDIUMApache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45537ApacheApache Druid6.5MEDIUMPadding Oracle Vulnerability in Apache Druid's Druid-Pac4j Extension
CVE-2024-45384ApacheApache Druid5.3MEDIUMClickjacking in the web console
CVE-2022-28889ApacheApache Druid4.3MEDIUMReflected XSS on certain HTTP endpoints
CVE-2021-44791ApacheApache Druid6.1MEDIUMApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
CVE-2021-36749ApacheApache DruidπΎπ‘EPSS 93%6.5MEDIUMApache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended
CVE-2021-26920ApacheApache Druid6.5MEDIUMApache Druid Authenticated users can execute arbitrary code from malicious MySQL database systems.
CVE-2021-26919ApacheApache DruidEPSS 75%8.8HIGHAuthenticated users can override system configurations in their requests which allows them to execute arbitrary code.
CVE-2021-25646ApacheApache DruidπΎπ‘EPSS 94%8.8HIGHLDAP Injection Vulnerability in Apache Druid by Apache
CVE-2020-1958ApacheApache DruidπΎπ‘EPSS 15%6.5MEDIUM
20 March 2025
17 September 2024
7 July 2022
24 September 2021
2 July 2021
30 March 2021
29 January 2021
1 April 2020
No more vulnerabilities to load.