org.apache.spark:spark-core_2.10 (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.spark:spark-core_2.10, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2018-17190 — CVSS 9.8 (critical): In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on…
CVE-2025-54920 — CVSS 8.8 (high): This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes…
CVE-2017-12612 — CVSS 7.8 (high): In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications…
CVE-2018-11804 — CVSS 7.5 (high): Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation…
CVE-2017-7678 — CVSS 6.1 (medium): In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting…
CVE-2018-8024 — CVSS 5.4 (medium): In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark…
CVE-2022-31777 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute…
CVE-2018-1334 — CVSS 4.7 (medium): In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to…
CVE-2018-11770 — CVSS 4.2 (medium): From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism…