CVE-2018-1295 — CVSS 9.8 (critical): In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization…
CVE-2018-8018 — CVSS 9.8 (critical): In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for…
CVE-2020-1963 — CVSS 9.1 (critical): Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to…
CVE-2024-52577 — CVSS 9.0 (critical): In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The…
CVE-2017-7686 — CVSS 7.5 (high): Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional…
CVE-2025-48977 — CVSS 6.5 (medium): Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with…
CVE-2016-6805 — CVSS 5.9 (medium): Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
CVE-2021-28163 — CVSS 2.7 (low): In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a…