Org.apache.cassandra:cassandra-all
This hub aggregates every CVE we track for Org.apache.cassandra:cassandra-all, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 2
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- MEDIUM: 3
- CRITICAL: 2
Monthly trend
Monthly counts, 2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 9 most recently published vulnerabilities affecting Org.apache.cassandra:cassandra-all.
- CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) (score 8.8)
- CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials (score 5.3)
- CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions (score 5.4)
- CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (score 8.8)
- CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs (score 7.8)
- CVE-2021-44521: Remote code execution for scripted UDFs (score 9.1)
- CVE-2020-17516: Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted inte... (score 7.5)
- CVE-2020-13946: In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to... (score 5.9)
- CVE-2018-8016: The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code v... (score 9.8)
Product normalization is registry-driven with AI assist and human review.