Org.apache.druid:druid
This hub aggregates every CVE we track for Org.apache.druid:druid, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
1
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM5HIGH2CRITICAL1
Monthly trend
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 8 most recently published vulnerabilities affecting Org.apache.druid:druid.
- CVE-2025-59390Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.9.8
- CVE-2025-27888Apache Druid: Server-Side Request Forgery and Cross-Site Scripting5.4
- CVE-2024-45537Apache Druid: Users can provide MySQL JDBC properties not on allow list6.5
- CVE-2022-28889Clickjacking in the web console4.3
- CVE-2021-44791Reflected XSS on certain HTTP endpoints6.1
- CVE-2021-26919Apache Druid Authenticated users can execute arbitrary code from malicious MySQL database systems.8.8
- CVE-2021-25646Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.8.8
- CVE-2020-1958When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines ...6.5
Product normalization is registry-driven with AI assist and human review. How it works