org.apache.dolphinscheduler:dolphinscheduler (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.dolphinscheduler:dolphinscheduler, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (17)
CVE-2023-49109 — CVSS 9.8 (critical): Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users…
CVE-2020-11974 — CVSS 9.8 (critical): In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.
CVE-2024-43166 — CVSS 9.8 (critical): Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are…
CVE-2022-45875 — CVSS 9.8 (critical): Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This…
CVE-2024-43115 — CVSS 8.8 (high): Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert…
CVE-2024-29831 — CVSS 8.8 (high): Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be…
CVE-2026-23902 — CVSS 8.1 (high): Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants…
CVE-2024-30188 — CVSS 8.1 (high): File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This…
CVE-2023-48796 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to…
CVE-2025-62188 — CVSS 7.5 (high): An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow…
CVE-2022-25598 — CVSS 7.5 (high): Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users…
CVE-2023-51770 — CVSS 7.5 (high): Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users…
CVE-2023-49250 — CVSS 7.3 (high): Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https…
CVE-2022-34662 — CVSS 6.5 (medium): When users add resources to the resource center with a relation path will cause path traversal issues and only for logged-in users. You…
CVE-2023-50270 — CVSS 6.5 (medium): Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change. Users are…
CVE-2022-26884 — CVSS 6.5 (medium): Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
CVE-2025-62233 — CVSS 6.3 (medium): Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version…