Every CVE whose affected-product data names Apache Atlas, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2022-34271 — CVSS 8.8 (high): A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache…
CVE-2026-40563 — CVSS 8.1 (high): Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search…
CVE-2016-8752 — CVSS 7.5 (high): Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by…
CVE-2017-3154 — CVSS 7.5 (high): Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
CVE-2024-46910 — CVSS 7.1 (high): An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier…
CVE-2017-3150 — CVSS 6.1 (medium): Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
CVE-2017-3155 — CVSS 6.1 (medium): Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
CVE-2019-10070 — CVSS 6.1 (medium): Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality
CVE-2020-13928 — CVSS 6.1 (medium): Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and…
CVE-2017-3151 — CVSS 6.1 (medium): Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag…
CVE-2017-3153 — CVSS 6.1 (medium): Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
CVE-2017-3152 — CVSS 6.1 (medium): Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
CVE-2020-17521 — CVSS 5.5 (medium): Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those…
CVE-2025-62198 — CVSS 5.4 (medium): An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to…