Nifi

This hub aggregates every CVE we track for Nifi, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Nifi.

• CVE-2026-39816Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService8.8May 8, 2026
• CVE-2026-25903Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates8.4Feb 17, 2026
• CVE-2025-66524Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor8.8Dec 19, 2025
• CVE-2025-27017Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record6.5Mar 12, 2025
• CVE-2024-56512Apache NiFi: Missing Complete Authorization for Parameter and Service References5.4Dec 28, 2024
• CVE-2024-52067Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log4.9Nov 21, 2024
• CVE-2024-45477Apache NiFi: Improper Neutralization of Input in Parameter Description4.6Oct 29, 2024
• CVE-2024-37389Apache NiFi: Improper Neutralization of Input in Parameter Context Description4.6Jul 8, 2024
• CVE-2023-49145Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt7.9Nov 27, 2023
• CVE-2023-40037Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs6.5Aug 18, 2023
• CVE-2023-36542Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources8.8Jul 29, 2023
• CVE-2023-34212Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components6.5Jun 12, 2023
• CVE-2023-34468Apache NiFi: Potential Code Injection with Database Services using H28.8Jun 12, 2023
• CVE-2023-22832Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes7.5Feb 10, 2023
• CVE-2022-33140Improper Neutralization of Command Elements in Shell User Group Provider8.8Jun 15, 2022